A Devastating Hack: Cybercriminals Claim to Have Breached Major US ISP
WideOpenWest, a leading Internet Service Provider (ISP) serving 14 US markets, has found itself at the center of a high-profile cyberattack. The hacking group, known as Arkana Security, boasts of breaching the company's systems and stealing sensitive data from over 403,000 customers.
According to Arkana, the breach led to the complete takeover of WOW!'s systems, customer-facing devices, and backend servers, posing a significant risk to both customer data and operational infrastructure. The group has threatened to release the stolen customer data unless the ISP pays a ransom. "This breach has led to the complete takeover of WOW!'s systems, customer-facing devices, and backend servers, putting both customer data and operational infrastructure at significant risk,” Arkana claims.
As evidence, the group posted screenshots and a video that allegedly show the group gaining access to internal IT systems at WOW! by compromising the company’s Symphonica and AppianCloud platforms. Cybersecurity vendor Hudson Rock says the hack appears to be legit. It uncovered evidence tracing the breach to malware that infected a WOW! employee's computer and stole account credentials for the ISP's internal systems.
"Our investigation reveals that the credentials for all three URLs —wowinc.symphonica.com, wowway.com, and appiancloud.com— were harvested from this infected device,” Hudson Rock says. “Once stolen, these credentials are often sold on the dark web or used directly by threat actors to gain unauthorized access to systems.”
It is believed that Arkana bought the stolen logins from another hacker or tricked a WOW! employee into installing info-stealing malware. From there, they were able to move laterally, exfiltrating data and seizing control of critical systems like the Symphonica admin panel (used for managing customer accounts) and AppianCloud (a platform for business process management).
WOW! tells PCMag that it “recently became aware of suspicious activity related to an application on our network.” However, the company adds that it has not uncovered any evidence that user data was stolen. The ISP says: “We take the security of our network very seriously, and out of an abundance of caution, we immediately disabled access to the application and began investigating the activity. In addition to our internal security teams, we are working with third-party specialists to thoroughly investigate. To date, we do not believe any personally identifiable information ('PII') was accessed by an external party, and our investigation continues.”
In the meantime, Arkana has given WOW! until 5 p.m. PST Friday to pay a ransom, or the group will start selling the stolen customer data. The situation is ongoing, with many questions still unanswered. Will WOW! be able to contain the damage and protect its customers' sensitive information? Only time will tell.