In the latest hacker hit on the ISP crowd, US cable giant Time Warner Cable is advising 320,000 customers to change their passwords in the wake of a likely compromise.
"Our understanding is that the compromise had nothing to do with TWC's systems or processes," the company said in an email to customers. "TWC has found no evidence of a breach in its systems that operate and secure email accounts for our customers."
Nonetheless, customers throughout Time Warner's nationwide service territory were advised to change their passwords by going to http://twc.com/emailpassword and following the instructions. A spokeswoman confirmed to local media that only customers with Roadrunner e-mail addresses (those with "rr" in the domain name) are affected.
Worryingly, but in an all too common situation, TWC didn’t discover the breach itself, but was rather told by the FBI that accounts may have been compromised.
Details for now are scant: TWC said that it’s investigating how the breach may have occurred, but suggested that it may have come through phishing attacks or via breaches of third parties that store TWC customer information.
Because so many consumers re-use passwords across multiple accounts, criminals can use stolen credentials to access high-value targets like financial accounts and the like, or online shopping sites that may store user credit card information. They can also use the credentials to log into legitimate accounts to mount spear-phishing campaigns and targeted scams, and can, of course, sift through for personal information and other data contained in the victim’s emails that may be of use.
TWC is not alone in being targeted. Fellow cable behemoth Comcast in November warned users about a potential compromise of 590,000 customer accounts; Comcast said at the time that there was "no evidence to suggest any personal customer information was obtained in this incident." But shortly thereafter, reports emerged that the email addresses and passwords of up to 200,000 Comcast customers were listed for sale on a Dark Web site for up to $1,000.
Vice Media’s Motherboard said that a vendor selling the dump on the Dark Web provided it a sample of data that proved legitimate. Comcast has insisted that the data was pilfered as a result of malware or social engineering attacks rather than a hack on its systems.
Perhaps the most high-profile ISP attack has been against UK ISP TalkTalk. In October, it admitted that it had been the victim of what it called a “significant and sustained” cyber attack on its website, in which hackers may have gained access to personal data of four million or more people. The compromised data in that attack included not just log-in details but also company names, addresses, date of birth, phone numbers, account information, and credit card and/or bank details.
Photo © Ken Wolter/Shutterstock.com