Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!


Forgot your password?
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 Internet speed test! ×
Businesses Crime Privacy Security

Time Warner Cable Warns 320,000 Customers of Possible Compromise (csoonline.com) 35

itwbennett writes: Time Warner Cable said on Wednesday that up to 320,000 customers have had their accounts compromised. 'We have not yet determined how the information was obtained, but there are no indications that TWC's systems were breached,' said Eric Mangan, public relations director for Time Warner Cable. 'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.' If this breach is like many others, expect that number of affected customers to grow, too.
This discussion has been archived. No new comments can be posted.

Time Warner Cable Warns 320,000 Customers of Possible Compromise

Comments Filter:
  • by Opportunist ( 166417 ) on Thursday January 07, 2016 @12:08PM (#51255947)

    So what "other companies" would have the email addresses of your customers? Who did you sell the information to?

    • the summary may simply be poor, but most likely what is being referred to is password re-use.

      Say my email address is thoromyr@gmail.com and I'm a customer at Acme Corporation. Like many places, they use my email address as the username. I use the password "Pass1234" because it is strong (upper case, lower case and numbers) and easy to remember (those security guys said I needed to create a memorable password that met their "complexity requirements").

      Later on, I get an account at Atlassian and, surprise, the

      • I get that it is common, but I personally use a password vault (both on PC and phone) so I can use different random passwords for every account.

        And the vault is secured with a YubiKey, so even if someone stole the database and somehow knew the password, they still wouldn't be able to get in.

    • Anything you sign into using your TWC account to access online.

      So any of the channels on Roku as one example, there are many many others.

    • by antdude ( 79039 )

      Probably ALL the other companies.

  • by Big Hairy Ian ( 1155547 ) on Thursday January 07, 2016 @12:17PM (#51256007)
    They probably just sent the wrong file out to be cold called
  • Time Warner refuses to be beaten in worst customer service.
  • WTF? (Score:5, Insightful)

    by Alumoi ( 1321661 ) on Thursday January 07, 2016 @12:28PM (#51256095)

    'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.'

    WTF was the info doing there? Outside TWC? Oh, don't tell me, let me guess: advertising.

    • by Anonymous Coward

      My money is on customer service/tech support/sales subcontractors. All telecom companies outsource a lot of that.

  • by nimbius ( 983462 ) on Thursday January 07, 2016 @12:36PM (#51256149) Homepage
    this is little more than an irritation for most slashdotters practicing password segregation, but for the average home user the consequences of this are pretty relevant. The target for the data exfiltration, time warner, services individuals who cant distinguish internet from facebook or google. The password they use for time warner is likely the same for their wireless router (provided and configured by time warner) as well as their banking institution, amazon, and countless other online services. Whats even more infuriating is how clandestine Time Warner is being about this breech. Nowhere on the front of site for their cable conglomerates web presence is a breech even hinted. when logging into bill pay, the site also conveniently omits the fact that time warner has released the personal credentials of a usergroup the size of a midwestern city.

    the real kicker? because this was reported by the federal government and not through time warners own due diligence, it raises more sincere questions about just how embeddded federal intelligence and law inforcement agencies are with internet service providers.
    • I got one of these notices. My username segregation; password segregation; service segregation practices are solid.

      The account in question existed for probably 15 years (for junk mail handling). The username and password have never been used anywhere else. The account was used with minimal frequency (maybe once a year) and the systems it was used on were generally trusted systems... not a polluted web surfing environment. I mostly used it with cli fetchmail on a server.

      Occam's razor... a breach at

  • by PRMan ( 959735 ) on Thursday January 07, 2016 @02:08PM (#51256805)
    Unique TWC password changed. Thanks, LastPass!
  • Very Related (Score:4, Interesting)

    by ThatsNotPudding ( 1045640 ) on Thursday January 07, 2016 @02:13PM (#51256833)
    How often should we change all our unique passwords? Once a quarter? Monthly? In real-time, like changing phaser modulation when attacking the Borg?
  • I received the email from Time-Warner. Things they did wrong in their notice:
    1. Quote "Time Warner Cable was recently notified by the F.B.I. that some of our customers’ email addresses including account passwords may have been compromised." Phish alarm #1 set (allusion to FBI notification)!
    2. Embedded link to change password (Who embeds links in legitimate 'reset your password' notices?). Phish alarm #2 set and activated!

    No link to 'more information here', only toll free phone numbers. Also, I only us

Enzymes are things invented by biologists that explain things which otherwise require harder thinking. -- Jerome Lettvin