Comcast resets 200,000 passwords offered for sale on Dark Web

Comcast says it wasn’t hacked, but hundreds of thousands of its customers may have been, forcing the cable giant to reset passwords to email accounts of about 200,000 customers.

The forced password reset came after an independent security researcher spotted an ad on a Dark Web marketplace offering 590,000 Comcast subscriber email addresses and plaintext passwords for $1000 in bitcoins.

A Comcast representative said the company acquired the list of email addresses and discovered that only 200,000 of them were active, and is “working to get this fixed for those customers who may have been impacted,” according to the Washington Post.

The researcher, @Flanvel, posted an image of the dark forum ad on Twitter and tipped off writer Steve Ragan, whose story on CSO became the top-trending topic on Twitter on Monday (9 November).

@Flanvel discovered the ad on a Dark Web forum called Python Market, at a .onion address on the Tor network, he told me via direct message on Twitter.

The self-described “Hacker | Autodidact | Researcher,” @Flanvel’s real name is Corey Wells, a 20-year-old from West Virginia.

Wells spends a portion of his time searching for data breaches on Dark Web markets, either manually or using an automated tool he wrote.

“I came across this specific breach just browsing the market for new posts,” Wells told me via DM.

Wells told me he doesn’t want to speculate about how the vendor offering the Comcast data obtained it, but the vendor was claiming it was from a breach of Comcast and has several other listings on the Python Market.

Wells tweeted a screenshot showing other listings from the same vendor, and a link to a Pastebin post from the vendor saying Comcast hasn’t reset all of the passwords, and that “many of them still work just fine.”

However, the sale price of the Comcast data had been dropped to $200.

Comcast denied that it was breached and said the email account details were likely stolen in one of many recent data breaches, or the individuals had their account details stolen by phishing or malware attacks.

A Comcast spokeswoman told USA Today that there is “no evidence” of a breach.

Anyone with access to a Comcast customer’s email address and password could use those credentials to log into the account to watch streaming video or make purchases using stored credit card information (credit card details would not be accessible however), reports USA Today.

If you’re a Comcast customer, it’s a good idea to change your password regardless of whether or not your email address was on the list.

And if you use the same password on any other accounts (please don’t do that!), change those too.

→ Can’t view the video on this page? Watch directly from YouTube. Can’t hear the audio? Click on the Captions icon for closed captions.

Image of email symbols courtesy of Shutterstock.com.

Leave a Reply