Comcast has put a stop to a cybercriminal’s attempt to make a few money on the back of the company’s customers, and has forcibly reset the passwords for over 200,000 user accounts.
Advertisement
A Comcast customer list was sold online on the “Dark Web”, sites hidden from search engines, over the weekend. The post in question offered a list of 590,000 Comcast email addresses and corresponding passwords.
A sample of 112 Comcast accounts was offered as proof of the data’s validity, and buyers also had the option to buy smaller samples of 100,000 Comcast user credentials for around $300.
What’s interesting about the list of customer account information is that it did not come from a breach of Comcast’s network. The company started notifying customers on Sunday. Comcast quickly got a hold of the list and reset the passwords on accounts whose emails were included, whether the passwords in the list were accurate or not.
“There’s no evidence that this is a breach, but we are working with the customers who were impacted to secure their account”, said Comcast spokeswoman Jenni Moyer.
According to the FCC, a hacker identifying himself as EvilJordie masqueraded as a Cox tech employee and successfully convinced a company customer service rep and a Cox contractor to give up authentication keys that unlocked the sensitive customer data.
Instead, the list appears to have been compiled from previously stolen information available on the dark web and simply aggregated to include only purported Comcast customers.
Advertisement
According to a recent report from cybersecurity firm McAfee, a stolen credit card number in the USA only goes for between $5 and $30, depending on how much information it’s associated with.
