A researcher for Kromtech discovered records for more than four million customers of Charter division Time Warner Cable and other companies' data that the research firm says Broadsoft stored on Amazon.com Inc.'s cloud service.
It's also another reminder of how easily data can be rendered insecure through poor processes and how information related to millions of individuals is managed not only by the companies that bill them but also by third party partners, adding to the risk of security slip-ups or breaches.
The repositories were linked to BroadSoft, a US-based company with offices worldwide that provides services to large communications companies including AT&T, Sprint and Vodafone.
"We see more and more examples of how bad actors use leaked or hacked data for a range of crimes or other unethical purposes", said Bob Diachenko, Kromtech's chief communications officer.
In a separate accident, files on thousands of Americans with high level security clearances were found on an unsecured Amazon server.
"The problem is that the repository was configured to allow public access and exposed extremely sensitive data in the process".
A spokesperson for BroadSoft said the company had verified that customer data was exposed to the public internet, but it does not believe the information to be "highly sensitive".
The files - more than 600 gigabytes in size containing sensitive information such as transaction ID, user names, Mac addresses, serial numbers, account numbers - were discovered on August 24 without a password by researchers of Kromtech.
"There is no indication that any Charter systems were impacted", Charter said.
Broadsoft could not be immediately reached for comment.
The information had been removed as soon as the company had been told it was visible, Charter told Reuters.
Time Warner Cable customers who have used the MyTWC app are encouraged to change their user names and passwords.
BroadSoft has hundreds of network operator customers, all of which will be wondering if any of their data is being held in exposed databases.
Verizon isn't the only big U.S. telecom whose corporate ally left customer data out in the open. "We apologise for the frustration and anxiety this causes, and will communicate directly to customers if their information was involved in this incident".