Comcast Resets 200,000 Passwords After Customer Records Went on Sale

November 10, 2015—A post in the Dark Web marketplace offered a list of 590,000 Comcast email addresses and their corresponding passwords. CSO Online reported that the seller was asking for about USD 300 for 100,000 accounts with USD 1,000 as final price for the whole list.

Comcast’s security team was able to get hold of the list and checked each record against their current database. They confirmed that of the 590,000 records being sold, only 200,000 are active. The cable company then forced a password reset for these 200K accounts.

Representatives from Comcast told media that none of their systems or applications had been compromised. It is still not clear though as to where the data was siphoned. Pundits theorize that the records were more than likely recycled, given than only about 30% of the advertised list was still active. The data could have been gathered from various sources—phished accounts, malware-infected systems, or even through exposure via one of the reported Comcast data breaches over the last few years.

Comments are closed.