Time Warner Cable Warns 320,000 Customers of Possible Compromise

itwbennett writes: Time Warner Cable said on Wednesday that up to 320,000 customers have had their accounts compromised. 'We have not yet determined how the information was obtained, but there are no indications that TWC's systems were breached,' said Eric Mangan, public relations director for Time Warner Cable. 'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.' If this breach is like many others, expect that number of affected customers to grow, too.

Who did you sell to?

[Opportunist]

So what "other companies" would have the email addresses of your customers? Who did you sell the information to?

Re:Who did you sell to?

[thoromyr]

the summary may simply be poor, but most likely what is being referred to is password re-use.

Say my email address is thoromyr@gmail.com and I'm a customer at Acme Corporation. Like many places, they use my email address as the username. I use the password "Pass1234" because it is strong (upper case, lower case and numbers) and easy to remember (those security guys said I needed to create a memorable password that met their "complexity requirements").

Later on, I get an account at Atlassian and, surprise, they also use my email address as the username. Now, coming up with one memorable yet complex password is hard work so, like most people, I use it again. A few months later, Atlassian announces that their Jira system was compromised and usernames and passwords leaked.

Acme Corporation hasn't had a compromise, but now someone with the information from the Atlassian compromise can login as me on their system.

Even worse, if I'm like most people I used the same password at gmail, so they can login as me there and probably find every place I do business with and can try the logins there (and if for some reason the password does not work go through the password reset procedure).

Password re-use is very common.

They don't know how they were breached?

[Big+Hairy+Ian]

They probably just sent the wrong file out to be cold called

WTF?

[Alumoi]

'The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.'

WTF was the info doing there? Outside TWC? Oh, don't tell me, let me guess: advertising.

serious consequences for home users

[nimbius]

this is little more than an irritation for most slashdotters practicing password segregation, but for the average home user the consequences of this are pretty relevant. The target for the data exfiltration, time warner, services individuals who cant distinguish internet from facebook or google. The password they use for time warner is likely the same for their wireless router (provided and configured by time warner) as well as their banking institution, amazon, and countless other online services. Whats even more infuriating is how clandestine Time Warner is being about this breech. Nowhere on the front of site for their cable conglomerates web presence is a breech even hinted. when logging into bill pay, the site also conveniently omits the fact that time warner has released the personal credentials of a usergroup the size of a midwestern city.

the real kicker? because this was reported by the federal government and not through time warners own due diligence, it raises more sincere questions about just how embeddded federal intelligence and law inforcement agencies are with internet service providers.

Password changed

[PRMan]

Unique TWC password changed. Thanks, LastPass!

Very Related

[ThatsNotPudding]

How often should we change all our unique passwords? Once a quarter? Monthly? In real-time, like changing phaser modulation when attacking the Borg?