Comcast Resets Nearly 200,000 Passwords After Customer List Goes On Sale (csoonline.com)

← Back to Stories (view on slashdot.org)

Comcast Resets Nearly 200,000 Passwords After Customer List Goes On Sale (csoonline.com)

Posted by samzenpus on Monday November 9, 2015 @08:14AM from the 1-2-3-4-5 dept.

itwbennett writes: Over the weekend a Dark Web marketplace had 590,000 Comcast email addresses and passwords for sale, offering the entire list for $1,000, writes CSO's Steve Ragan. Saturday evening Ragan contacted Comcast about the accounts being sold online and learned that Comcast had 'already obtained a copy of the list' and was checking it against their customer base. 'Of the 590,000 records being sold, only about 200,000 of them were active,' Comcast said. Still unknown is the source of the data being sold online, although signs point to it being recycled.

5 of 43 comments (clear)

Min score:

Reason:

Sort:

Good time for a phone scam by Joe_Dragon · 2015-11-09 08:17 · Score: 3, Insightful

Good time for a phone scam.
By calling people and saying that you are from Comcast and that we need to reset your password and asking them for the info + there new password.
1. Re:Good time for a phone scam by Tablizer · 2015-11-09 08:45 · Score: 5, Funny
  
  What would you call that, two factor scam authentication?
  Is your network slow?: [Yes]
  Does it flake at night and on weekends?: [Yes]
  Do technicians pretend like they solve the problem but never do?: [Yes]
  Does phone support always want to sell you crap you don't need or want?: [Yes]
  Do weird fees appear on your bill out of no-where?: [Yes]
  [Enter...]
  You have been CONFIRMED to be a Comcast customer. Now please change your password.
  
  --
  Table-ized A.I.
2. Re:Good time for a phone scam by rsborg · 2015-11-09 10:13 · Score: 3, Insightful
  
  What would you call that, two factor scam authentication?
  Is your network slow?: [Yes]
  Does it flake at night and on weekends?: [Yes]
  Do technicians pretend like they solve the problem but never do?: [Yes]
  Does phone support always want to sell you crap you don't need or want?: [Yes]
  Do weird fees appear on your bill out of no-where?: [Yes]
  [Enter...]
  You have been CONFIRMED to be a Comcast customer. Now please change your password.
  You're also likely an AT&T or Verizon subscriber. Once the entity gets to a large enough size, it's often incapable of fighting those "creative ways to boost revenue" by screwing it's captive customers.
  
  --
  Make sure everyone's vote counts: Verified Voting
It isn't just Comcast passwords ... by Alain+Williams · 2015-11-09 08:38 · Score: 3, Insightful

it is also all the other places where people have used the same password and have used the same email address. Comcast must contact all 590,000 people - not just the 'active' ones; people might not be active comcast customers but many will still be real people who must be told that an old supplier has f**ked up and revealed their password.
It is unacceptable for comcast to say: old customer, not important; they should not have reused their password - so not our fault. I agree that password reuse is stupid, but the world is full of stupid people.
Plaintext passwords? by romanval · 2015-11-09 09:00 · Score: 5, Insightful

Who the hell stores plaintext passwords anymore? You'd think that should be illegal...