Time Warner Cable said late Wednesday that hackers may have stolen up to 320,000 customers’ email passwords. Time Warner isn’t totally sure exactly how the information was obtained, or where the security lapse took place, but they don’t think it was a breach in their own systems. They’re saying the information was likely obtained through third-party companies that Time Warner partners with.

The second-largest cable company in the U.S. said it is still investigating how the information was pilfered, but it does not believe its systems were actually breached.

The company said it’s likely that digital thieves either collected the data using malware planted on customers’ devices through fraudulent emails — a so-called phishing attack — or through breaches at other companies that store Time Warner Cable customer information.

The FBI alerted Time Warner to the breach, instead of the company discovering it themselves. The FBI explained that some of their customers’ account data may have been compromised, including usernames and passwords.  

The company said it is alerting potentially compromised customers directly via email or direct mail.