Comcast denies that the passwords were leaked from within the company, blaming an elaborate phishing attack.
US ISP Comcast has egg on its face this week after passwords for around four thousand of its subscribers were leaked onto the Internet via the document sharing site Scribd
According to the article over on The New York Times
, the passwords sat on the site for at least two months before one of their customers noticed and alerted the company to the breach.
Educational technology specialist Kevin Andreyo was performing a vanity search on Google for his e-mail address when he came across the list on Scribd – which included the password he had chosen for his account. Andreyo quickly got in touch with both Comcast and the FBI regarding the leak, although it wasn't until the New York Times got in touch with Scribd directly that the file was removed.
While active on Scribd, the list of e-mail addresses and passwords – uploaded by an individual going by the name vuthanhan2004
– was viewed 345 times and downloaded in its entirety 27 times. This gave Andreyo cause for concern, as – like many people – he used a single password “for everything that is not tied to my credit card
Comcast has stated that it has “no reason to believe
” that the list was leaked from within the company. Instead, it believes that the data trove was more likely the stash of a phisher who had fooled individuals into volunteering their personal information, citing a lack of other details such as account numbers and billing information on the list.
The company will be freezing the accounts on the list and contacting the account holders in order to get the passwords reset.
Do you believe there is something rotten going on at Comcast, or was Andreyo – and 3,999 others – merely a victim of a common or garden phishing scam? Share your thoughts over in the forums