A third-party MongoDB database containing 2.8 million CenturyLink customer records and information was left unprotected exposing the data of several hundred thousand of the tech company’s customers.
The database
was found by the security firm Comparitech working with security researcher Bob
Diachenko. The initial finding took place on September 15, but it is believed
the information had been exposed on the internet for about 10 months, Comparitech
reported.
CenturyLink said in a statement sent to Comparitech that “The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised. CenturyLink is in the process of communicating with the affected customers.”
The information
contained included name, email address, phone number, home address, CenturyLink
account number, notification logs and conversation logs.
CenturyLink was immediately alerted to the problem and the database was locked down by September 17.
“After
alerting CenturyLink and allowing them time to resolve this issue, they
requested we hold off on publishing this report. This was to allow time for
CenturyLink to conduct an internal investigation and refer the matter to the
FCC before notifying their customers,” Comparitech said.