14 DAY TRIAL // You know your tech support service stinks when a security firm needs to ask the general public for help just to get in contact with one of your webmasters.
This is what happened today when security researchers from Risk Based Security (RBS) had to ask for help from their blog readers in order to reach Telly's support staff.
RBS researchers said they were unable to get in contact with Telly, after the company had failed to respond to their data breach notification sent via Twitter, Facebook, their website, and several emails found in the exposed data.
Telly database was exposing 700GB of user data
According to an account of the events published by RBS, Telly was running an unsecured MongoDB database with no password for the admin account.
This meant that attackers could access and freely download data from Telly's database. RBS says that Telly was exposing 700GB of internal data, which included sensitive user details for around 8 million users, such as email addresses, complete names, locations, and viewing habits.
If the name Telly doesn't ring a bell, that's because most people know it by the name TwitVid. The service, which was once the video-based homolog of TwitPic, had rebranded as Telly several years back, and after trying different business models, is now offering a Netflix-like video streaming service for Middle Eastern countries.
Telly secures database in four hours after RBS' plea for help
Seeing that after ten days Telly wasn't responding to their data breach notification, which they sent via various channels, RBS decided today to publish their findings, along with a list of email addresses and social media profiles, asking users to mass-message the company and tell them of their data breach.
Not your regular data breach notification process from a veteran security firm, but it got the job done.
Three hours later, RBS said Telly replied to their email and said they were investigating the issue. One hour after that, Telly secured its database.