Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Businesses Crime Privacy Security

Time Warner Cable Warns 320,000 Customers of Possible Compromise (csoonline.com) 35

itwbennett writes: Time Warner Cable said on Wednesday that up to 320,000 customers have had their accounts compromised. 'We have not yet determined how the information was obtained, but there are no indications that TWC's systems were breached,' said Eric Mangan, public relations director for Time Warner Cable. 'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.' If this breach is like many others, expect that number of affected customers to grow, too.
This discussion has been archived. No new comments can be posted.

Time Warner Cable Warns 320,000 Customers of Possible Compromise

Comments Filter:
  • by Opportunist ( 166417 ) on Thursday January 07, 2016 @11:08AM (#51255947)

    So what "other companies" would have the email addresses of your customers? Who did you sell the information to?

    • the summary may simply be poor, but most likely what is being referred to is password re-use.

      Say my email address is thoromyr@gmail.com and I'm a customer at Acme Corporation. Like many places, they use my email address as the username. I use the password "Pass1234" because it is strong (upper case, lower case and numbers) and easy to remember (those security guys said I needed to create a memorable password that met their "complexity requirements").

      Later on, I get an account at Atlassian and, surprise, the

      • I get that it is common, but I personally use a password vault (both on PC and phone) so I can use different random passwords for every account.

        And the vault is secured with a YubiKey, so even if someone stole the database and somehow knew the password, they still wouldn't be able to get in.

    • Anything you sign into using your TWC account to access online.

      So any of the channels on Roku as one example, there are many many others.

    • by antdude ( 79039 )

      Probably ALL the other companies.

  • by Big Hairy Ian ( 1155547 ) on Thursday January 07, 2016 @11:17AM (#51256007)
    They probably just sent the wrong file out to be cold called
  • Time Warner refuses to be beaten in worst customer service.
  • WTF? (Score:5, Insightful)

    by Alumoi ( 1321661 ) on Thursday January 07, 2016 @11:28AM (#51256095)

    'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.'

    WTF was the info doing there? Outside TWC? Oh, don't tell me, let me guess: advertising.

    • by Anonymous Coward

      My money is on customer service/tech support/sales subcontractors. All telecom companies outsource a lot of that.

  • Comment removed (Score:5, Interesting)

    by account_deleted ( 4530225 ) on Thursday January 07, 2016 @11:36AM (#51256149)
    Comment removed based on user account deletion
    • I got one of these notices. My username segregation; password segregation; service segregation practices are solid.

      The account in question existed for probably 15 years (for junk mail handling). The username and password have never been used anywhere else. The account was used with minimal frequency (maybe once a year) and the systems it was used on were generally trusted systems... not a polluted web surfing environment. I mostly used it with cli fetchmail on a server.

      Occam's razor... a breach at

  • by PRMan ( 959735 ) on Thursday January 07, 2016 @01:08PM (#51256805)
    Unique TWC password changed. Thanks, LastPass!
  • Very Related (Score:4, Interesting)

    by ThatsNotPudding ( 1045640 ) on Thursday January 07, 2016 @01:13PM (#51256833)
    How often should we change all our unique passwords? Once a quarter? Monthly? In real-time, like changing phaser modulation when attacking the Borg?
  • I received the email from Time-Warner. Things they did wrong in their notice:
    1. Quote "Time Warner Cable was recently notified by the F.B.I. that some of our customers’ email addresses including account passwords may have been compromised." Phish alarm #1 set (allusion to FBI notification)!
    2. Embedded link to change password (Who embeds links in legitimate 'reset your password' notices?). Phish alarm #2 set and activated!

    No link to 'more information here', only toll free phone numbers. Also, I only us

Our policy is, when in doubt, do the right thing. -- Roy L. Ash, ex-president, Litton Industries

Working...