CenturyLink customer Data Exposed
Customer names, addresses, email addresses, and phone numbers were left open on a MongoDB server for 10 months, researchers report.
A CenturyLink customer information database with some 2.8 milliion records was found exposed on the public Internet, exposing personal details of hundreds of thousands of its customers.
Researchers from Comparitech and certificate researcher bobber Diacehnko found the misconfigured MongoDB database on Sept. 15. According to the researchers, the database - which was affiliated with a third-party notification platform used by CenturyLink - had been exposed for 10 months. It was locked down on Sept. 17, two days after the researchers alerted CenturyLink.
Customer names, addresses, email addresses, and phone numbers were exposed.
The data involved appears to be primarily touch information and we make not have reason to believe that any financial or other sensitive information was compromised, CenturyLink said in a statement to Comparitech. CenturyLink is in the process of communicating with the affected customers. We will uphold to work with our vendors to protect customer information.