A security flaw discovered in the website of Charter Communications, a cable and Internet provider active in 28 states, may have exposed the personal account details of its customers.
Security researcher Eric Taylor discovered the cable provider’s vulnerability as part of his research, and demonstrated how a simple header modification performed with a browser plug-in could reveal details about Charter’s Internet subscribers. After Fast Company notified Charter of the issue, the company said it had installed a fix within hours.
The vulnerability could reveal personal information of “millions” of the company’s subscribers, claimed Taylor, chief information officer for Cinder, an Internet startup. But a spokesperson for Charter told Fast Company that “the vast majority of Charter customers use a version of the site on which this security vulnerability was not an issue,” and that the number of customers affected was less than one million. The company is auditing its systems, he said, and has so far “seen no evidence of any password or data hacks.” The exposed data did not include credit card numbers.