TWC says up to 320K customers may have had passwords stolen

The FBI has informed Time Warner Cable (NYSE: TWC) that up to 320,000 of its customers may have had their passwords stolen.

The MSO said the leak probably didn't come from an internal breach, but rather likely stemmed from a malware or phishing scam, or perhaps from the breach of a third-party vendor's database.

"We're contacting customers who could potentially be affected so they can take precautions, including changing their password to a strong, unique alternative," a TWC spokesman said. "Additionally, through our website we provide several tips for how to navigate the Web more carefully and how to avoid phishing schemes."

According to CNET, the FBI's notification to TWC was part of a broader disclosure that involved other Internet service providers. The agency has provided no details on this investigation.

However, Bright House Networks customers commenting on DSL Reports forums say they've also received notices from their cable company indicating their authentication credentials may have compromised as well. 

In November, Comcast (NASDAQ: CMCSA) reset the passwords of around 200,000 customers after a list of 595,000 passwords of current and former customers emerged on the dark web. 

Also in November, Cox agreed to pay $595,000 to settle a complaint made by the FCC that the MSO didn't do enough to stop an attack made against it by hacker group the Lizard Squad. 

For more:
- read this DSL Reports story
- read this Reuters story
- read this CNET story

Related articles:
Arris says security threat posed by reported cable modem backdoor is 'low'
Comcast scrambles as 595K customer email accounts and passwords show up on Dark Web market
Cox pays $595K to settle FCC complaint over 'Lizard Squad' security breach
Comcast ups Soto to new chief information security officer role