If there's one company, next to your bank, that you don't want to have a security flaw, it's your Internet service provider. It stores your name, address, billing information, everywhere you've gone on the Internet and information about your connection that could let a hacker snoop on you.
An 18-year-old security researcher named Eric Taylor discovered one such flaw in the fourth-largest Internet provider in the country. The ISP fixed it right away, but the flaw had been around for a long time before anyone noticed, so who knows what information was stolen.
The ISP is Charter Communications, and it serves 4.7 million customers. After reviewing the flaw, Charter says it potentially affected fewer than a million customers, and didn't expose any payment information.
However, according to Taylor, the flaw did give away a user's full name, email address, physical address and Internet hardware information. Plus it let hackers create additional usernames, user accounts and email addresses under a user's account. From there, they could take over the entire account.
The flaw happened because Charter's site identifies customers by their "unique" IP address for support purposes, and doesn't double-check by asking for a password. The problem is that IP addresses are easy to fake using basic tools.
A hacker could have set up a program to enter random IP addresses and download the information that comes up. Then they could create a list of email addresses and send Charter customers fake emails that have malicious links and downloads.
With the hardware information in your account, a hacker could snoop on your Internet traffic. However, given the number of customers exposed, the odds of that are low.
If you're a Charter customer, I would log into your account immediately and make sure everything is in order. You should also be suspicious of any email claiming to be from Charter but asking you to click a link or download an attachment.