Cox Cable Hacked Data Breach Exposes User Details

Author

Reads 1.2K

Crop hacker silhouette typing on computer keyboard while hacking system
Credit: pexels.com, Crop hacker silhouette typing on computer keyboard while hacking system

Cox Communications, a major cable and internet service provider in the US, suffered a data breach that exposed sensitive user information.

The breach was discovered on April 26, 2023, and it is believed to have occurred in 2022.

Cox has notified over 9.3 million customers that their personal data was compromised.

The compromised data includes names, addresses, phone numbers, and email addresses.

Recommended read: Cox Cable Data Usage

Cox Communications Data Breach

Cox Communications has recently fallen victim to a hacking attack, with a hacker gaining access to company servers by impersonating a member of their Customer Support team.

The hacker may have viewed sensitive information from customer accounts, including names, addresses, phone numbers, and account security details.

Cox has notified law enforcement of the incident and is contacting impacted customers to inform them of the breach.

It's recommended that Cox customers change their passwords and security question(s) as a precautionary measure.

Payment card information associated with impacted accounts has not been specifically mentioned, but it's a good idea to monitor your payment cards tied to your Cox account just in case.

Cox is offering one free year of Experian Identity Works, a program that can help monitor credit reports and detect signs of fraudulent activity.

Discovering a Breach

Credit: youtube.com, U.S. Cyber Officials Order Emergency Response After Federal Breach

A Cox customer recently discovered a breach in their account when they noticed a suspicious IP address replaying their internet traffic. This was likely due to a compromised modem, which is a common entry point for hackers.

The customer suspected that their modem had been compromised after observing an unknown IP address intercepting and replaying their traffic. They tested different devices and servers, confirming the persistence of this behavior.

The modem in question was a Cox Panoramic Wifi gateway, which had likely been compromised by hackers. The customer handed over the device to the ISP, receiving a new one that stopped the suspicious behavior.

The lack of access to the compromised modem hindered further investigation at the time, making it difficult to determine the extent of the breach.

Revisiting the Case

In early 2024, a cybersecurity researcher revisited a case that would lead to a startling discovery. This researcher decided to take another look at a suspicious IP address that had been used as a C&C server with domains following an algorithmic naming convention.

Credit: youtube.com, WAVY Archive: 1983 Cox Cable Reaction on the Increase

This naming convention pointed towards a domain generation algorithm typically used by malware operators, suggesting the presence of sophisticated malware infrastructure. The researcher was intrigued by this finding and decided to probe the Cox Business portal.

Through this probe, the researcher discovered a plethora of API calls that facilitated device management, including retrieving MAC addresses and executing arbitrary commands on modems. The researcher identified vulnerabilities in these API calls that allowed unauthorized access to customer data and device settings.

The vulnerabilities were so severe that they granted attackers the same permissions as ISP support staff, allowing them to control any modem within the network. The researcher confirmed this through meticulous testing.

Here's a timeline of the events that followed:

  • 03/04/2024 – Vulnerability reported to Cox via their responsible disclosure program.
  • 03/05/2024 – Vulnerability hot-patched, all non-essential business endpoints return 403 and no longer function.
  • 03/06/2024 – Researcher confirms inability to reproduce the vulnerability.
  • 03/07/2024 – Cox begins comprehensive security review.
  • 04/10/2024 – Researcher informs Cox of intent to disclose the findings 90 days from initial disclosure.
  • 04/29/2024 – Researcher shares a draft of the final blog post with Cox.

Frequently Asked Questions

How do I secure my Cox network?

To secure your Cox network, tap "Advanced Security" and then "Turn on" to activate protection from cyber threats. This simple step will safeguard your network from phishing and malicious websites.

Victoria Kutch

Senior Copy Editor

Victoria Kutch is a seasoned copy editor with a keen eye for detail and a passion for precision. With a strong background in language and grammar, she has honed her skills in refining written content to convey a clear and compelling message. Victoria's expertise spans a wide range of topics, including digital marketing solutions, where she has helped numerous businesses craft engaging and informative articles that resonate with their target audiences.

Love What You Read? Stay Updated!

Join our community for insights, tips, and more.