Comcast Tells 200K Users to Reset Passwords in Security Threat

Hackers matched usernames and passwords on Comcast accounts with usernames and passwords they had obtained from past, shared hacks.

Here's yet another example of why people need to use multiple passwords when handling transactions of any type on the Internet.

Comcast, the largest cable television and Internet services provider in the United States with more than 28 million subscribers, revealed Nov. 9 that it has required about 200,000 of its customers to reset their passwords after the company discovered its information was being sold and resold online by black-market personal-information brokers.

This particular mishap was not the result of a hacking event on Comcast's data stores. Instead, hackers matched usernames (in Comcast's case, usernames are email addresses) and passwords on Comcast accounts with usernames and passwords they had obtained from past, shared hacks of other companies.

Not only does this show how often people use the same username/email address and password for various different accounts, but it also is a first-rate example of how commoditized this type of stolen data has become.

Virtually all of the username/email address and passwords that were compromised were obtained by online thieves who use readily available software to match the Comcast username and password with those from other accounts—such as from social networks, retail outlets and utilities—already stolen from the same users.

Black-market dealers in stolen personal information such as this operate most often in networks called the dark Web. The dark Web is the colloquial term for the anonymized network enabled by Tor, proxies and other privacy-focused technologies; it is not available through the public Internet and can only be accessed through specific software.

Sites and services on the dark Web range from collaboration platforms for whistle-blowers to stores selling illicit goods to hubs for darker criminal activities.

The Comcast customers' email addresses and the passwords associated with those email addresses were offered for sale on the dark Web last weekend, the cable network said. The names were being sold as a list of 590,000 email-password combinations that the unnamed seller claimed belonged to Comcast customers, security Website CSO reported.

The seller posted the asking price for the full list as $1,000, CSO said. When Comcast was alerted and checked the accounts, it determined that only about a third of the 590,000 combinations were legitimate, the company said.

So, to protect those 200,000 customers, Comcast locked down their accounts over the weekend, which forced users to verify their identity and reset passwords.

If those passwords hadn't been used in other accounts that had been hacked and the information shared among black-market brokers, the chances of the Comcast accounts being impacted by this sale would have been greatly lessened.

Chris Preimesberger

Chris J. Preimesberger

Chris J. Preimesberger is Editor-in-Chief of eWEEK and responsible for all the publication's coverage. In his 13 years and more than 4,000 articles at eWEEK, he has distinguished himself in reporting...