James Thew - Fotolia
US telecoms firm Time Warner Cable has warned 320,000 customers that their email addresses and account passwords may have been compromised, but insists the company’s own systems were not breached.
The second-largest telecoms company in the US after Comcast said it issued the warning after the FBI alerted it to the possible compromise, but there was no evidence of a breach of its own systems.
Time Warner Cable believes the passwords were stolen either through phishing attacks or data breaches at other companies that store its customer information.
If a third party is involved, it will highlight the dependence organisations have on their suppliers and partners to maintain their own data security and that of their customers.
Responding to the FBI alert, Time Warner Cable has advised its customers to change their passwords as a precaution, but says the suspected leak affects less than 2% of the email accounts it manages.
If attackers had access to customer email addresses and account passwords, they would be able to log in to Time Warner Cable accounts as if they were the account holders.
Security professionals say that if the details were not obtained from Time Warner Cable directly, the case underlines the importance of using strong, unique passwords and changing them regularly.
“If you are making the mistake of using the same password on any other service, then now would be a great time to rectify that mistake and ensure you are using unique, hard-to-crack passwords everywhere,” independent security adviser Graham Cluley wrote in a blog post.
Cluley recommends using unique passwords for every online account you own, using a password manager to generate and remember complex passwords, enabling two-factor authentication where available, and running up-to-date security software.
Read more about password security
- Five steps to ensure stronger passwords and better authentication to reduce the threat of business data theft.
- Yahoo Account Key uses push notifications to provide a fast and secure way to access Yahoo accounts from a mobile device.
- The Fido Alliance has taken another step closer to defining a standard web-based API as industry support for its password-killing standards gains momentum.
- GCHQ’s guidance on password policy covers some of the most pressing issues facing UK businesses and employees today, according to Skyhigh Networks.
Using the same password for multiple accounts is extremely bad practice, but it is something people continue to do and attackers continue to exploit, said Kevin Cunningham, president and founder of identity and access management firm SailPoint.
“Many people use the same password across myriad personal and professional applications, and hackers recognise that,” he said. “So now, seemingly unrelated corporate accounts may be at risk.”
Cunningham said identity management systems are also helpful in a business context, because not only do they free employees from the responsibility of creating and remembering strong passwords, they also automatically force password resets across their employee base as a precaution.