It’s likely that email and password details were harvested through malware downloaded during phishing attacks, or indirectly through data breaches of companies that stored information — including emails addresses — from customers, Reuters reports.
Cyberattacks on businesses aren’t particularly new but have increased in recent years because hackers keep finding ways to exploit security holes, CNet reports. Hackers often take to the black market to sell customer information and force companies to acknowledge that they do a poor job of keeping data safe.
Phishing attacks, however, trick people into clicking on links or downloading files in emails that look legitimate but are actually portals to malicious software.
The FBI contacted Time Warner (TWC) and informed the company of the data theft. TWC adds that it is contacting customers via email and direct mail, advising them to change their passwords.
A company spokesman said TWC is advising customers to take precautions, especially by changing their passwords to alternatives that are strong and unique.
“Additionally, through our website we provide several tips for how to navigate the Web more carefully and how to avoid phishing schemes,” the spokesman said.
CNet reports that the theft targeted customers who use TWC’s Roadrunner service. Anyone with an email address ending in rr.com should change their password, NBC News reported. If you’re a subscriber, you can change your password by clicking on the Roadrunner Password Reset Tool page.
The data provided by the FBI was part of a larger disclosure that included other ISPs, NBC noted.
