Hackers steal and dump 4,191 database records

Mar 1, 2016 12:27 GMT  ·  By

Members of the TeaMp0isoN hacking crew have hacked into the Time Warner Cable (TWC) Business Class website, stolen its database and dumped it online.

TWC Business Class is a managed security solution that offers firewall, anti-virus, anti-spyware, mobile VPNs, content filtering and intrusion prevention services to US enterprises. In layman terms, it's an Internet connection that comes with its own managed security center.

With only high-end business clients available, breaching the TWC Business Class website would normally yield valuable information that can be easily monetized on the Dark Web.

And so it happened, as TeaMp0isoN members announced on their Twitter feed two days ago. The incident is credited to team members Pseudo, Militis, Jimmy, and MLT, and also included a defacement of TWC Business Class homepage (removed in the meantime).

Hackers dump TWC Business Class database online

But the hackers weren't interested in selling data, as they explained in the defacement message, and instead of trying to monetize it, they dumped its content online. The database dump link is not working right now, but DataBreaches.net claims it included 4,191 records.

The leaked information is said to contain database IDs, usernames, email addresses, and encrypted passwords. DataBreaches.net says that the dump included information as recent as the middle of January, and that they informed TWC of the incident.

TeaMp0isoN has also stated that they used an SQL injection flaw to access the TWC backend. According to a recent Netsparker study, one in five of all the security vulnerabilities in open source software is an SQL injection.

Despite TWC probably using a custom backend, SQL injection flaws are also common in custom-coded platforms as well. The good thing is that SQL injections are easy to fix and prevent, and many Web Application Firewalls address these issues quite successfully.

Below is the defacement message, along with screengrabs of the TWC Business Class backend.

Time Warner Cable Bussiness Class backend
Time Warner Cable Bussiness Class backend

TWC Business Class Hack (3 Images)

Time Warner Cable Bussiness Class defacement message
Time Warner Cable Bussiness Class backendTime Warner Cable Bussiness Class backend
Open gallery