Time Warner Cable denies breach

US telecoms firm Time Warner Cable has warned 320,000 customers that their email addresses and account passwords may have been compromised, but insists the company’s own systems were not breached.

Download this free guide

The importance of web security

Join us as we take a look at the different approaches you can take in order to bolster your web security. We find out how to identify and address overlooked web security vulnerabilities, how security controls affect web security assessment results and why web opportunities must be met with appropriate security controls.

Start Download

• Corporate E-mail Address:

  You forgot to provide an Email Address.

  This email address doesn’t appear to be valid.

  This email address is already registered. Please login.

  You have exceeded the maximum character limit.

  Please provide a Corporate E-mail Address.

• • I agree to TechTarget’s Terms of Use, Privacy Policy, and the transfer of my information to the United States for processing to provide me with relevant information as described in our Privacy Policy.

  Please check the box if you want to proceed.

• • I agree to my information being processed by TechTarget and its Partners to contact me via phone, email, or other means regarding information relevant to my professional interests. I may unsubscribe at any time.

  Please check the box if you want to proceed.

By submitting my Email address I confirm that I have read and accepted the Terms of Use and Declaration of Consent.

The second-largest telecoms company in the US after Comcast said it issued the warning after the FBI alerted it to the possible compromise, but there was no evidence of a breach of its own systems.

Time Warner Cable believes the passwords were stolen either through phishing attacks or data breaches at other companies that store its customer information.

If a third party is involved, it will highlight the dependence organisations have on their suppliers and partners to maintain their own data security and that of their customers.

Responding to the FBI alert, Time Warner Cable has advised its customers to change their passwords as a precaution, but says the suspected leak affects less than 2% of the email accounts it manages.

If attackers had access to customer email addresses and account passwords, they would be able to log in to Time Warner Cable accounts as if they were the account holders.

Security professionals say that if the details were not obtained from Time Warner Cable directly, the case underlines the importance of using strong, unique passwords and changing them regularly.

“If you are making the mistake of using the same password on any other service, then now would be a great time to rectify that mistake and ensure you are using unique, hard-to-crack passwords everywhere,” independent security adviser Graham Cluley wrote in a blog post.

Cluley recommends using unique passwords for every online account you own, using a password manager to generate and remember complex passwords, enabling two-factor authentication where available, and running up-to-date security software.

Using the same password for multiple accounts is extremely bad practice, but it is something people continue to do and attackers continue to exploit, said Kevin Cunningham, president and founder of identity and access management firm SailPoint.

“Many people use the same password across myriad personal and professional applications, and hackers recognise that,” he said. “So now, seemingly unrelated corporate accounts may be at risk.”

Cunningham said identity management systems are also helpful in a business context, because not only do they free employees from the responsibility of creating and remembering strong passwords, they also automatically force password resets across their employee base as a precaution.