A third-party MongoDB database containing 2.8 million CenturyLink customer records and information was left unprotected exposing the data of several hundred thousand of the tech company’s customers.
The database was found by the security firm Comparitech working with security researcher Bob Diachenko. The initial finding took place on September 15, but it is believed the information had been exposed on the internet for about 10 months, Comparitech reported.
CenturyLink said in a statement sent to Comparitech that “The data involved appears to be primarily contact information and we do not have reason to believe that any financial or other sensitive information was compromised. CenturyLink is in the process of communicating with the affected customers.”
The information contained included name, email address, phone number, home address, CenturyLink account number, notification logs and conversation logs.
CenturyLink was immediately alerted to the problem and the database was locked down by September 17.
“After alerting CenturyLink and allowing them time to resolve this issue, they requested we hold off on publishing this report. This was to allow time for CenturyLink to conduct an internal investigation and refer the matter to the FCC before notifying their customers,” Comparitech said.