If you’re a Time Warner Cable customer my advice is that you should change your password now.
In fact, if you’re making the mistake of using the same password on any other service then now would be a great time to rectify that mistake and ensure that you are using unique, hard-to-crack passwords everywhere.
Because some 320,000 ISP customers of Time Warner Cable across the United States have reportedly had their email addresses and password details exposed.
According to Reuters, it was the FBI not Time Warner Cable who discovered that there was a problem, seemingly stumbling across a stash of stolen credentials.
For now, just how the email and password details were harvested by the computer underground remains a mystery – but it potentially could be the result of phishing campaigns, password-grabbing spyware, or through hackers targeting the databases of third-party companies.
Eric Mangan, public relations director for Time Warner Cable, says that so far there is no indication that the company’s own systems have been breached:
“We have not yet determined how the information was obtained, but there are no indications that TWC’s systems were breached.
The emails and passwords were likely previously stolen either through malware downloaded during phishing attacks or indirectly through data breaches of other companies that stored TWC customer information, including email addresses.
For those customers whose account information was stolen, we are contacting them individually to make them aware and to help them reset their passwords.”
Something else that we don’t know is how ‘fresh’ this list of email addresses/passwords is. If it is something that online criminals compiled recently then there will clearly be a different level of concern than if the data might have been collated some time ago, and contains over-ripe credentials including passwords that may no longer be current or belonging to users who have since left the service.
But, as usual, there will be many thousand of consumers left clearing up the mess – ensuring that their passwords are safe, and not being reused on multiple sites. The smart ones will take this latest security scare as a good reason to invest in a password manager – helping them handle multiple complex passwords.
Sadly I have no doubt that the majority of users will continue to stumble around in the dark, continuing to put their online lives in danger, and fail to learn an important lesson from this incident.
The fact of the matter is that everytime you create an account with an online service, you are putting your trust in them, their staff and their partners to treat your personal information with the greatest care – ensuring that high security is always in place, and that your data and credentials won’t fall into the hands of online criminals.
We don’t know yet how the hackers managed to get hold of 320,000 Time Warner Cable customers email addresses and passwords, and it may well be that Time Warner Cable itself hasn’t done anything wrong. But someone, somewhere, has clearly failed.
Ensure that you use unique passwords for every online account you own, that you use a password manager to generate and remember your complex, hard-to-crack passwords, that you enable two-factor authentication where available, run up-to-date security software, and that you are always on your guard against malware and phishing threats.
Taking these sensible steps won’t necessarily mean that your password will never end up in the hands of criminals, but it can mean that the potential for exploitation is kept to a minimum.