Time Warner will start emailing all affected customers

Jan 7, 2016 22:20 GMT  ·  By

A Time Warner Cable representative has confirmed that the company is investigating a possible data breach, reported by FBI agents.

According to a company representative, the FBI found information about 320,000 Time Warner Cable customers, information that included customer email addresses, and their associated passwords.

The information was relayed to Time Warner's tech team who started an investigation to verify its validity and the possible source of the data leak.

Various Time Warner representatives have told multiple media agencies that they don't believe the data originated from a breach of its servers.

Company spokespersons believe that the data may have been stolen from other firms that also handle Time Warner customer information, but they also believe some of the data may come from individual phishing campaigns, collected from one user at a time.

There are secret black markets on the Internet where cybercriminals often trade, buy, or sell entire batches of customer details from various companies. It may be possible that the database of 320,000 Time Warner clients may be a collection gathered from different incidents across time. It may also be possible that most of the data may be already obsolete, from long-past incidents or accounts for which the password was already changed.

Most of the data points to TWC Road Runner customers

Time Warner representatives have told CSO that their staff will start contacting each affected user via email and encourage them to change their passwords.

According to an NBC report, inside sources claim that most of the data seems to be email addresses associated with the Road Runner (rr.com) service, a Web mail service managed by Time Warner.

"One of the weakest links is an attack through a third-party company as they may have a softer security posture," Kevin Shahbazi, security expert and CEO of LogMeOnce, a cloud-based computer security solution. "A similar attack at Target manifested itself via a third part company (HVAC vendor)."

"Anytime an unfortunate event such as a hack or password leak happens, there is a lesson to be learned by the customers, end users and the vendor," Mr. Shahbazi also added. Let's hope Time Warner Cable learns not to trust third-party companies with the passwords of 320,000 of its customers ever again.