WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 1.5 billion records. There were references to Comcast throughout the database including multiple subdomains, urls, and internal IP addresses. The publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.
- The total size of the database was 477.95 GB and contained 1,507,301,521 (1.5 Billion) records.
- There were a large number of remote and internal IP addresses, node names and other details that could provide a blueprint for internal functionality, logging, and overall structure of the network. Even if it is a non-production environment it potentially mirrors the primary data structure and could hypothetically expose how the monitoring works or provide clues to where customer or production data is stored.
- In addition to the technical logs above mentioned, the server exposed email addresses and hashed passwords of Comcast’s Development team. As well as error logs, alerts, and job scheduling records that revealed cluster names, device names and many internal rules and tasks that were marked “Privileged =True”.
- Finally, were found IP addresses, Ports, Pathways, and storage information that cyber criminals could potentially exploit to access deeper into the network. Error logs also identified middleware that could also be used as a secondary path for malware or other vulnerabilities.