Slashdot Mirror


Comcast Resets Nearly 200,000 Passwords After Customer List Goes On Sale (csoonline.com)

itwbennett writes: Over the weekend a Dark Web marketplace had 590,000 Comcast email addresses and passwords for sale, offering the entire list for $1,000, writes CSO's Steve Ragan. Saturday evening Ragan contacted Comcast about the accounts being sold online and learned that Comcast had 'already obtained a copy of the list' and was checking it against their customer base. 'Of the 590,000 records being sold, only about 200,000 of them were active,' Comcast said. Still unknown is the source of the data being sold online, although signs point to it being recycled.


  1. Good time for a phone scam by Joe_Dragon · · Score: 3, Insightful

    Good time for a phone scam.

    By calling people and saying that you are from Comcast and that we need to reset your password and asking them for the info + their new password.

    1. Re:Good time for a phone scam by rsborg · · Score: 3, Insightful

      What would you call that, two factor scam authentication?

      Is your network slow?: [Yes]

      Does it flake at night and on weekends?: [Yes]

      Do technicians pretend like they solve the problem but never do?: [Yes]

      Does phone support always want to sell you crap you don't need or want?: [Yes]

      Do weird fees appear on your bill out of nowhere?: [Yes]

      [Enter...]

      You have been CONFIRMED to be a Comcast customer. Now please change your password.

      You're also likely an AT&T or Verizon subscriber. Once the entity gets to a large enough size, it's often incapable of fighting those "creative ways to boost revenue" by screwing its captive customers.

      --
      Make sure everyone's vote counts: Verified Voting
  2. It isn't just Comcast passwords ... by Alain Williams · · Score: 3, Insightful

    it is also all the other places where people have used the same password and have used the same email address. Comcast must contact all 590,000 people - not just the 'active' ones; people might not be active Comcast customers but many will still be real people who must be told that an old supplier has f**ked up and revealed their password.

    It is unacceptable for Comcast to say: old customer, not important; they should not have reused their password - so not our fault. I agree that password reuse is stupid, but the world is full of stupid people.

  3. Re:Are they going to bother notifying us?! by Anonymous Coward · · Score: 2, Insightful

    "Customers impacted by the password resets will be dealt with on a case-by-case basis. When asked, a Comcast representative confirmed that their security teams were certain that none of their systems or apps had been compromised."

    Uh... EXCUSE ME?! If my account was compromised I want to know NOW - I rarely log in to my account as I have my own email and get my bill mailed to me.

    sigh... going to check now...

    Ok.. the obvious question.... WHY is there a list of Comcast passwords? They've not heard of basic hashing?

  4. Plaintext passwords? by romanval · · Score: 5, Insightful

    Who the hell stores plaintext passwords anymore? You'd think that should be illegal...