Time Warner Cable confirmed that about 320,000 customers might have been affected by a possible malware or phishing attack that caused subscriber email passwords to be stolen, but said there’s no indication that TWC’s own systems were breached.
Reuters reported Wednesday that TWC, which is now urging customers to change their passwords, began to investigate the situation after it was notified by the FBI that those customers might have had their data stolen. DSL Reports said some Bright House customers have received similar messages from that MSO about the potential threat.
TWC spokesman Eric Mangan issued this statement:
"Approximately 320,000 customers across our markets could be impacted by this situation. To protect the security of these customers, we are sending emails and direct mail correspondence to encourage them to update their email passwords as a precaution.
We have not yet determined how the information was obtained, but there are no indications that TWC’s systems were breached. The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.
For those customers whose account information was stolen, we are contacting them individually to make them aware and to help them reset their passwords. Additionally, through our website we provide several tips for how to navigate the Web more carefully and how to avoid phishing schemes.”
TWC ended Q3 2015 with 12.4 million residential high-speed Internet subscribers, so only a small fraction of that base appears to be at risk. However, cybersecurity has become a major issue for cable operators, now viewed as one of the biggest risks posed to MSO internal and external activities.
In November, Comcast contacted 200,000 broadband subs to secure their MSO-supplied email accounts and reset their passwords after discovering that a Dark Web seller was trying to unload a list of almost 600,000 Comcast email addresses and passwords. Cox Communications recently agreed to pay $595,000 to settle an FCC investigation into its data protections related to a 2014 hack.
