Time Warner reports possible password breach affecting 320,000 customers

08 Jan 2016

The passwords of 320,000 residential customers of Time Warner Cablecould have been stolen in a hacking attack, the company confirmed.

The company did not confirm whether any of its approximately 380,000 Maine customers had been affected, but said that the breach included ''residential customers across our markets.''

According to its website, it is the largest cable provider in Maine and services 16 million business and residential customers in 29 states. The company offerings also include television, telephone and internet services.

According to an email yesterday from company spokeswoman Nathalie Burgos, the company was contacting customers through email and direct mail so they could ''take precautions to protect their accounts and update their passwords using a strong, unique alternative.''

According to Burgos, people who had Time Warner's  Roadrunner email accounts with the .rr.com tag were at particular risk, Burgos said, especially, if the accounts contained sensitive personal and financial information.

Burgos added the emails and passwords were probably stolen through malware, downloaded through digital attacks or indirectly through data breaches of third-party companies that stored Time Warner customers' information, including email addresses.

''Our understanding is that the compromise had nothing to do with TWC's systems or processes,'' Burgos said in her email. ''We haven't yet determined how the information was obtained, but there are no indications that our systems were breached.''

Meanwhile hosting firm Linode carried out a system-wide password reset following the  ''the discovery of two Linode.com user credentials on an external machine.''

Linode, which hosts virtual private servers for its customers, suffered a crippling DDOS attack in December following which it was taken down.

According to commentators, there was  concern that this DDoS attack might have acted as a disguise for hackers accessing its customer database.

Linode issued an advisory about the password reset, in which the New Jersey-based firm warned its customers that they would be prompted to set a new password with their next login.

''A security investigation into the unauthoriSed login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine,'' it warned.

''This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials.''