bit-tech.net

4,000 Comcast passwords leaked

Comcast denies that the passwords were leaked from within the company, blaming an elaborate phishing attack.

US ISP Comcast has egg on its face this week after passwords for around four thousand of its subscribers were leaked onto the Internet via the document sharing site Scribd.

According to an article in The New York Times, the passwords sat on the site for at least two months before one of Comcast's customers noticed and alerted the company to the breach.

Educational technology specialist Kevin Andreyo was performing a vanity search on Google for his e-mail address when he came across the list on Scribd – which included the password he had chosen for his account. Andreyo quickly got in touch with both Comcast and the FBI regarding the leak, although it wasn't until the New York Times got in touch with Scribd directly that the file was removed.

While active on Scribd, the list of e-mail addresses and passwords – uploaded by an individual going by the name vuthanhan2004 – was viewed 345 times and downloaded in its entirety 27 times. This gave Andreyo cause for concern, as – like many people – he used a single password “for everything that is not tied to my credit card.”

Comcast has stated that it has “no reason to believe” that the list was leaked from within the company. Instead, it believes that the data trove was more likely the stash of a phisher who had fooled individuals into volunteering their personal information, citing a lack of other details such as account numbers and billing information on the list.

The company will be freezing the accounts on the list and contacting the account holders in order to get the passwords reset.

Do you believe there is something rotten going on at Comcast, or was Andreyo – and 3,999 others – merely a victim of a common or garden phishing scam? Share your thoughts over in the forums.

14 Comments

bilbothebaggins 17th March 2009, 12:46 Quote
What's an "Educational technology specialist" precious? :)
Gareth Halfacree 17th March 2009, 12:53 Quote
Quote:
Originally Posted by bilbothebaggins
What's an "Educational technology specialist" precious? :)
Good question. I'm guessing either a specialist in educational technology, or a technology specialist who provides education. THE PUBLIC SHOULD BE TOLD.
digitaldave 17th March 2009, 13:44 Quote
[H] are reporting 8000 . . . . . . . . .
Gareth Halfacree 17th March 2009, 13:55 Quote
Quote:
Originally Posted by digitaldave
[H] are reporting 8000 . . . . . . . . .
Then [H] are reporting wrong. The data dump had 8,000 records in it, but each record appeared twice - thus 4,000 unique e-mail and password combinations.
DarkLord7854 17th March 2009, 15:04 Quote
Well, I use Comcast and we weren't contacted, so I wouldn't doubt it's just people who were too stupid to realize they were typing their info into phishing sites.


Also..
Quote:
he used a single password “for everything that is not tied to my credit card.”

What a retard honestly.
perplekks45 17th March 2009, 15:17 Quote
He's just part of the vast majority...
Charlie at Comcast 17th March 2009, 15:24 Quote
Update from Comcast:

Based on an initial analysis of the document, we have identified that only about 700 of these accounts appear real. It was likely generated as the result of a phishing scam or some kind of malware that affected customer computers.

We are in the process of proactively contacting customers to let them know about this situation and the steps they can take to help protect themselves.

Best thing anyone can do is use up-to-date security software and be highly suspicious of anyone asking for your user ID or password.
DarkLord7854 17th March 2009, 16:05 Quote
Wow a Comcast rep on BT? O.o

I find the main problem with people is not whether they have security software, it's how ignorant they are when it comes to clicking stuff and being aware of what site they're on. People are so oblivious on the internet, it's scary.
perplekks45 17th March 2009, 16:09 Quote
Must be a pretty big f**k-up if they feel the need to send representatives to forums of tech sites.
DarkLord7854 17th March 2009, 16:15 Quote
Quote:
Originally Posted by perplekks45
Must be a pretty big f**k-up if they feel the need to send representatives to forums of tech sites.

That or the media has the situation completely wrong..? Read what he posted?
perplekks45 17th March 2009, 16:19 Quote
I still don't think if it wasn't bad they wouldn't send out reps. Send mails to the news sites so they can update their articles, yes, but reps? No no no. :)
B3CK 17th March 2009, 18:29 Quote
Perhaps Comcast is just trying to earn their customer service rating; either way, a rep should contact the website's admins to post on their behalf, instead of making a new user and responding. This is a technical website, not jollyrodgersflashnews.com. 4000, or 700, as Mr. Comcast reported, does seem to be an extremely small number compared to customer base. Would have to be from phishing. My 2c.
The_Beast 17th March 2009, 22:34 Quote
^^ I've heard of that too, sending reps to forums that have news on their company to clear up the issue and receive a higher customer service rating
Sebbo 18th March 2009, 16:26 Quote
Would surely have to be from phishing; one would imagine that any company like Comcast would be hashing the passwords in their database. Not to is just asking for accounts to be stolen.