Both Time Warner Cable and Web host Linode recently acknowledged that their users' passwords may have been exposed.
On January 5, 2016, Linode announced that all of its users' passwords had been reset.
"A security investigation into the unauthorized login of three accounts has led us to the discovery of two Linode.com user credentials on an external machine," the company stated. "This implies user credentials could have been read from our database, either offline or on, at some point. The user table contains usernames, email addresses, securely hashed passwords and encrypted two-factor seeds. The resetting of your password will invalidate the old credentials."
The company has retained a third-party security firm to investigate the breach, and is working with law enforcement. "While we feel victimized ourselves, we understand it is our responsibility, and our privilege as your host, to provide the best possible security and service," Linode added. "You can help further enhance the security of your account by always using strong passwords, enabling two-factor authentication, and never using the same password at multiple services."https://o1.qnsr.com/log/p.gif?;n=203;c=204660770;s=9477;x=7936;f=201812281321530;u=j;z=TIMESTAMP;a=20396194;e=i
And on January 6, 2016, Time Warner Cable stated that as many as 320,000 customers' email passwords may have been stolen, either through malware delivered via phishing attacks or through data breaches at third-party companies that store Time Warner Cable customer information, Reuters reports.
Time Warner says it was notified of the possible breach by the FBI, and is advising its customers to update their email passwords.
"Our understanding is that the compromise had nothing to do with TWC's systems or processes," Time Warner stated in the email to customers, Infosecurity reports. "TWC has found no evidence of a breach in its systems that operate and secure email accounts for our customers."
Still, SecureAuth CEO Craig Lund told eSecurity Planet by email that Time Warner's advice to customers that they update their passwords in response to the breach "simply puts a Band-Aid on a gushing wound."
"In this case, the company has an opportunity to upend its dated password-centric strategy and take a more proactive, future-oriented authentication approach," Lund said. "Advances in adaptive authentication have brought to market a number of options that help users stay both secure and productive, such as device recognition, analysis of the physical location of the user, or even behavioral biometrics to continually verify the true identity of the end user."
SailPoint president and founder Kevin Cunningham pointed out that breaches like these can have far-reaching implications for organizations unrelated to those directly affected. "Many people use the same password across a myriad of personal and professional applications, and hackers recognize that," he said. "So now, seemingly unrelated corporate accounts may be at risk. This is where identity management solutions can really help, because they can automatically force password resets across their employee base as a precaution."
And Todd Weller, vice president of corporate development at Hexis Cyber Solutions, said these breaches should serve as a reminder of the importance of investing in preventative security measures. "These measures include behavior-based detection on endpoints, network, and servers," he said. "Monitoring user behavior is also important. Of course having these controls is one thing but they need to be actively and continuously monitored."