The WebsitePlanet research team, in cooperation with security researcher Jeremiah Fowler, discovered a non-password-protected database that contained more than 1.5 billion records. The database belonged to American cable and internet giant Comcast, and the publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.
There were a large number of remote and internal IP addresses, node names and other details that could provide a blueprint for internal functionality, logging, and overall structure of the network. Even if it is a non-production environment, say the researchers, it potentially mirrors the primary data structure and could hypothetically expose how the monitoring works or provide clues to where customer or production data is stored.
In addition to the technical logs mentioned above, the server exposed email addresses and hashed passwords of Comcast’s development team, as well as error logs, alerts, and job scheduling records that revealed cluster names, device names, and many internal rules and tasks that were marked “Privileged =True”.
Finally, the research team found IP addresses, ports, pathways, and storage information that cybercriminals could potentially exploit to move deeper into the network. Error logs also identified middleware that could be used as a secondary path for malware or other vulnerabilities.
As soon as the researchers were confident that the data belonged to Comcast, they immediately sent a disclosure notice and reported their findings. In less than an hour the database was closed to public access and the researchers received a reply from their Security Defect Reporting team.
Fowler says, "I must admit this was among the fastest response times I have ever had. Comcast acted fast and professionally to restrict the data set that was accessible to anyone with an internet connection. The following day I received confirmation that this data did indeed belong to Comcast and that a limited number of employees were affected (development team). In a reply a member of the Comcast Product Security Incident Response Team (PSIRT) told me that this data was used for internal development and testing."
A spokesperson for Comcast told Security: “The database in question contained only simulated data, with no real employee, customer or company data, outside of four publicly available Comcast email addresses. The database was used for software development purposes and was inadvertently exposed to the Internet. It was quickly closed when the researcher alerted us of the issue. We value the work of independent security researchers in helping us to make our products and services safer and thank the researcher for his responsible disclosure in this matter.”
For detailed findings, please visit https://www.websiteplanet.com/blog/comcast-leak-report/