Time Warner Cable Warns 320,000 Customers of Possible Compromise

itwbennett writes: Time Warner Cable said on Wednesday that up to 320,000 customers have had their accounts compromised. 'We have not yet determined how the information was obtained, but there are no indications that TWC's systems were breached,' said Eric Mangan, public relations director for Time Warner Cable. 'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.' If this breach is like many others, expect that number of affected customers to grow, too.

Re:

[MobSwatter]

Moooo! Moooo! Moooo! And the herd runs.

Not likely, cable services based on territory there is no where to run too unless they leave their homes. Best to prepare big pharma train for herpes epidemic.

Who did you sell to?

[Opportunist]

So what "other companies" would have the email addresses of your customers? Who did you sell the information to?

Re: Who did you sell to?

[EthanV2]

I'm pretty sure they mean "other companies that have been breached, to which our customers were also registered". As in someone was registered with, for example, Adobe when they got breached, and they used the same email address and password for their TWC account.

Re:

[Zaowulf]

AFAIK, TWC doesn't outsource their tech support. Source: Their Tier III desk is here in town and I interviewed for a position a couple years ago.

Re:

[thoromyr]

the summary may simply be poor, but most likely what is being referred to is password re-use.

Say my email address is thoromyr@gmail.com and I'm a customer at Acme Corporation. Like many places, they use my email address as the username. I use the password "Pass1234" because it is strong (upper case, lower case and numbers) and easy to remember (those security guys said I needed to create a memorable password that met their "complexity requirements").

Later on, I get an account at Atlassian and, surprise, the

Re:

[toonces33]

I get that it is common, but I personally use a password vault (both on PC and phone) so I can use different random passwords for every account.

And the vault is secured with a YubiKey, so even if someone stole the database and somehow knew the password, they still wouldn't be able to get in.

Re:

[bfpierce]

Anything you sign into using your TWC account to access online.

So any of the channels on Roku as one example, there are many many others.

Re:

[antdude]

Probably ALL the other companies.

They don't know how they were breached?

[Big Hairy Ian]

They probably just sent the wrong file out to be cold called

Shhhhhhocking!

[NominalLoss]

Time Warner refuses to be beaten in worst customer service.

WTF?

[Alumoi]

'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.'

WTF was the info doing there? Outside TWC? Oh, don't tell me, let me guess: advertising.

Re:

[Anonymous Coward]

My money is on customer service/tech support/sales subcontractors. All telecom companies outsource a lot of that.

Comment removed

[account_deleted]

Comment removed based on user account deletion

Re:

[grimshaw]

I got one of these notices. My username segregation; password segregation; service segregation practices are solid.

The account in question existed for probably 15 years (for junk mail handling). The username and password have never been used anywhere else. The account was used with minimal frequency (maybe once a year) and the systems it was used on were generally trusted systems... not a polluted web surfing environment. I mostly used it with cli fetchmail on a server.

Occam's razor... a breach at

Re:

[w1zz4]

Happen all the time, you happen to see lists of compromised data on pastebin or like website with alot of your customer data but not only yours, which suggest phishings attacks.

Re:

[vtcodger]

Some other dude did it." The lawyers have spoken:

In case you are curious, yes, there do seem to be folks out there keeping totals on acknowledged data breaches. e.g. http://www.idtheftcenter.org/i... [idtheftcenter.org]

2005 toÂNovember 30, 2015
Number of breaches = 5,754
Number of Records = 856,548,312

Re:

[lhowaf]

"Identity Theft Resource Center"? It's a cookbook [youtube.com]!

Password changed

[PRMan]

Unique TWC password changed. Thanks, LastPass!

Very Related

[ThatsNotPudding]

How often should we change all our unique passwords? Once a quarter? Monthly? In real-time, like changing phaser modulation when attacking the Borg?

Re:

[antdude]

TWC = Borgs

Re:

[networkzombie]

I'm a TWC customer and they do not have my email address. They never asked for it and I never gave it. They never offered me an opportunity to create a RoadRunner email, and I would decline anyway. I just get a bill every month. Rates go up every 3 months or so. Still waiting for DOCSIS 3.

I got notice from TW...looked like Phishing email!

[Anonymous Coward]

I received the email from Time-Warner. Things they did wrong in their notice:
1. Quote "Time Warner Cable was recently notified by the F.B.I. that some of our customers’ email addresses including account passwords may have been compromised." Phish alarm #1 set (allusion to FBI notification)!
2. Embedded link to change password (Who embeds links in legitimate 'reset your password' notices?). Phish alarm #2 set and activated!

No link to 'more information here', only toll free phone numbers. Also, I only us