A database of 2.8m records containing sensitive information regarding hundreds of thousands of CenturyLink’s customers leaked online.
The database comprised API logs with customer information and contained more than 2.8 million records in total. Because some customers were the subject of multiple records, the estimated number of customers affected is much lower, but still in the hundreds of thousands.
The type of data exposed was API logs of those communications. The customer records were in plain text (not encrypted) and held the following data:
- Email address
- Phone number
- Physical address
- CenturyLink account number
- Notification logs
- Conversation logs