Hacked: Hacking Finance

Comcast Resets 200,000 Accounts after Password Leak, Denies Breach

Introduction

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.


LATEST POSTS

Alleged FBI Hacker Lauri Love Ordered to US Extradition by UK Home Secretary 15th November, 2016

The Largest Breach of 2016: 412 Million FriendFinder Accounts Exposed 14th November, 2016

Breaches

Comcast Resets 200,000 Accounts after Password Leak, Denies Breach

Posted on .

Comcast has hit the reset button on passwords of up to 200,000 customers after spotting an entire database its customers’ account details put up for sale on a darknet website.

// -- Discuss and ask questions in our community on Workplace. Don't have an account? Send Jonas Borchgrevink an email -- //

It began when a trove of personal data containing email addresses and passwords belonging to hundreds of thousands of Comcast customers was listed for sale for $1,000. The listing was spotted by Twitter user @flanvel, who promptly took a screenshot of the listing:

The above screenshot is of a brief list of 112 Comcast user accounts of an overall 100,000 accounts sold at roughly $300 USD in bitcoin. However, the listing was only served up as proof of existence of a much larger cache of user information that contained 590,000 Comcast accounts, which was put up for $1,000 USD, as reported by CSO.

Comcast Denies Data Breach

Cable giant Comcast obtained a copy of the account list being sold online and had its security engineers verify the authenticity of the data being sold. They discovered 200,000 of the 590,000 account records listed belonged to active accounts, whereas the remaining details on the list was either outdated or false. To leave no stone unturned, all passwords on the matching accounts have been reset.

The company claimed that it had not been hacked and noted that none of its systems, networks or applications had been compromised in connection to the breach.

Comcast spokeswoman Jenni Moyer said:

There’s no evidence that this is a breach, but we are working with the customers who were impacted to secure their account.

Furthermore, it’s entirely likely that Comcast paid for the listing of the stolen data itself, to quickly cross-reference the obtained plaintext email addresses and passwords before resetting the passwords of all compromised accounts.

A majority of the 590,000 account listings are said to include recycled information from previous account dumps that have already been sold online. The seller of the big list of Comcast account data was even tagged a scammer by cybercriminals operating in the dark net marketplace, due to the recycled nature of the information which altogether served the list as an aggregate of previously known account information combined with new account details.

Image from Shutterstock.

Important: Never invest money you can't afford to lose. Always do your own research and due diligence before placing a trade. Read our Terms & Conditions here.



Feedback or Requests?

DON'T MISS OUT

Samburaj Das

Samburaj Das

Samburaj is the contributing editor at Hacked and keeps tabs on science, technology and cyber security.

There are no comments.

View Comments (0) ...
Navigation
Machine learning is the nerdiest side of artificial intelligence. It's…