US telecoms firm Time Warner Cable has warned 320,000 customers that their email addresses and account passwords may have been compromised, but insists the company’s own systems were not breached.
The company, the second-largest telecoms firm in the US after Comcast, said it issued the warning after the FBI alerted it to the possible compromise, but said there was no evidence of a breach of its own systems.
Time Warner Cable believes the passwords were stolen either through phishing attacks or data breaches at other companies that store its customer information.
If a third party is involved, it will highlight the dependence organisations have on their suppliers and partners to maintain their own data security and that of their customers.
Responding to the FBI alert, Time Warner Cable has advised its customers to change their passwords as a precaution, but says the suspected leak affects less than 2% of the email accounts it manages.
If attackers had access to customer email addresses and account passwords, they would be able to log in to Time Warner Cable accounts as if they were the account holders.
Security professionals say that if the details were not obtained from Time Warner Cable directly, the case underlines the importance of using strong, unique passwords and changing them regularly.
“If you are making the mistake of using the same password on any other service, then now would be a great time to rectify that mistake and ensure you are using unique, hard-to-crack passwords everywhere,” independent security adviser Graham Cluley wrote in a blog post.
Cluley recommends using unique passwords for every online account you own, using a password manager to generate and remember complex passwords, enabling two-factor authentication where available, and running up-to-date security software.
Using the same password for multiple accounts is extremely bad practice, but it is something people continue to do and attackers continue to exploit, said Kevin Cunningham, president and founder of identity and access management firm SailPoint.
“Many people use the same password across myriad personal and professional applications, and hackers recognise that,” he said. “So now, seemingly unrelated corporate accounts may be at risk.”
Cunningham said identity management systems are also helpful in a business context, because not only do they free employees from the responsibility of creating and remembering strong passwords, they also automatically force password resets across the employee base as a precaution.