Comcast was forced to reset the passwords for 200,000 of their customers after their information appeared for sale online, The Washington Post reported Monday. The company blocked access to the victim’s accounts, until they could verify their identity and reset passwords.
According to CSO Online, a reader discovered a list of over 500,000 Comcast emails Nov. 7 being sold on the dark web for $300 per 100,000 accounts. CSO Online noted that there was an offer to buy the entire list for $1,000. (RELATED: Ashley Madison Owner Says Site Still Adding Users After Data Hack)
The dark web is a network not publicly available on the Internet without special software that allows users to gain access. (RELATED: DHS Subpoenas Reddit For Identities Of Darkweb Drug Forum Users)
Anyone notice the 590K emails/plaintext passwords allegedly from Comcast being sold? pic.twitter.com/jbASQP0E2Y
— flanvel (@flanvel) November 7, 2015
Of the 590,000 account records, 200,000 were found to contain up-to-date and accurate information. (RELATED: ISIS Hacker Arrested For Allegedly Stealing U.S. Military Data)
A Comcast representative told the Daily Caller News Foundation that they ran the list of names against an internal customer database and found “the majority of the leaked information was not valid.”
“Reports have indicated that the individual that released the data has a reputation for leaking information that is sometimes old or recycled, while passing it off as current,” the representative said.
Screenshot of @Flanvel tweet on Nov. 7 about Comcast accounts
Comcast, however, maintains they were not hacked. The representative said the leak was “not a related to any breach” and that incident was perpetrated “outside of the Comcast system and did not access the internal server.”
They believe the leak was the result of a phishing attack on one of their customers. “Information is currency,” the representative said and it takes just one digital misstep for a widespread infection to occur. (RELATED: Email Phishing Scams Still Fooling Postal Service Workers)
Phishing is a type of email scam where an attacker tries to learn information, such as login credentials or account information, by manipulating targets into believing the emailer is a legitimate or reputable person. (RELATED: Russia-Based Hackers Attempted To Hack Clinton Email Server)
The representative said the company was “working with customers to protect their information.” In addition to the password reset, they would be educating customers about safe Internet practices: using different passwords for multiple accounts, not opening up suspicious emails, being cautious about providing personal information over the phone or online, etc. (RELATED: An Insane Amount Of People Failed This Common Tech Security Test)
Follow Steve Ambrose on Twitter
Content created by The Daily Caller News Foundation is available without charge to any eligible news publisher that can provide a large audience. For licensing opportunities of our original content, please contact licensing@dailycallernewsfoundation.org.
All content created by the Daily Caller News Foundation, an independent and nonpartisan newswire service, is available without charge to any legitimate news publisher that can provide a large audience. All republished articles must include our logo, our reporter’s byline and their DCNF affiliation. For any questions about our guidelines or partnering with us, please contact licensing@dailycallernewsfoundation.org.