Roughly 200,000 Comcast email users got an unpleasant surprise this weekend, as the company responded to a database of customer information offered for sale on a dark web marketplace. As reported by Steve Ragan at CSO, the database included 590,000 accounts, including password information, available for $1,000. Unfortunately for whoever bought the package, the vast majority of the accounts were inactive, and only 200,000 accounts from the list appeared to be at risk from the attack. Once notified of the breach, Comcast reset the accounts in question.
Comcast resets 200,000 email accounts after passwords leak
It’s still unclear where the passwords came from, and Comcast denied that any of its systems or apps had been compromised in connection with the breach. Given the poor quality of the data itself, it seems likely that the data comes from a third-party organization or is old enough to have been overlooked in Comcast’s search. In September, Comcast settled a privacy breach lawsuit with California for $33 million after failing to honor a privacy setting, but the breach in question did not expose any passwords to the public.
Follow topics and authors from this story to see more like this in your personalized homepage feed and to receive email updates.
