Comcast Resets 200,000 Compromised Email Passwords, But Questions Remain - InformationWeek

04:40 PM
Larry Loeb

Comcast has reset the passwords for about 200,000 email accounts that appeared for sale on the Dark Web. However, there are a lot of questions about what the company knows and if there's more information out there to take.

Comcast, one of the largest cable and Internet providers in the US, claims it has reset the email passwords of 200,000 of its customers after they were offered for sale on the Dark Web, according to published reports. It's still not clear if there was a hack or not.

However, the seller of the email password dump is still taunting Comcast and hints there may be more personal information to leak and sell on the Dark Web.

To recap how Comcast and its customers got to this point: The offered password and email list that appeared on the Dark Web was actually composed of about 590,000 account name and password pairs when it came to wider attention.

However, Comcast quickly stated that only 200,000 of those were active accounts, according to a company spokesperson. The spokesperson denied that Comcast had bought the list from the seller; the company had somehow managed to obtain its own copy for a comparison. The entries that matched active email accounts were the ones that were reset.

All of this was first reported by CSO after a tipoff from security researcher @flanvel on Twitter. However, the first question that comes to mind in working out what really happened is where the list came from.

To get answers, it's good to go to the source.

(Image: SweetBabeeJay/iStockphoto)

In an email exchange with InformationWeek, Flanvel writes:

The name of the market [where the list was offered for sale] is "Python Market." I spend a portion of my time exploring the dark net looking for breaches both manually and automatically through tools I've written. I came across this specific breach just browsing the market for new posts.

However, Flanvel is not so sure that the data that was being sold is new.

"It is my assumption, though the facts are not decisive, the data was being recycled from previous dumps, or a collection of multiple dumps. Many scammers will try to resell data or pad the numbers to turn a larger profit," Flanvel wrote in an email on Nov. 10.

The Comcast spokesperson denied that a breach occurred for the current list. The company is suggesting it is a phishing scheme, which has prompted some to say that Comcast is actually blaming the victim. If you think about it, the mechanics of phishing for over half a million accounts make that explanation seem self-serving.

Since the list was composed of about 70% deadwood accounts, according to Comcast, it seems that this is not the result of a recent breach. If it had been, the active count of email addresses and passwords would have been higher.

Flanvel also tweeted on Nov. 10 that the original poster was offering new Comcast dumps for sale.

Further, the poster responded to Comcast's phishing explanation with derision and scorn. Interestingly, whoever this person is, he or she misplaces the dollar sign in the money request for the dump. This might mean the person is not a native English speaker.

A thread on Reddit had discussed the available list before mainstream media wrote about it. The main takeaway from that discussion was the incredulity of the posters that the passwords were stored in plaintext.

This is not the first time that Comcast has had a problem with storing passwords in plaintext. A breach in 2009 exposed plaintext passwords. Comcast denied it had been breached and blamed a phishing scheme then as well.

This kind of company denial is in line with the last breach of 34 Comcast email servers reported in 2014. At that time, Comcast denied a loss of personal data had occurred.

Larry Loeb has written for many of the last century's major "dead tree" computer magazines, having been, among other things, a consulting editor for BYTE magazine and senior editor for the launch of WebWeek. He has written a book on the Secure Electronic Transaction Internet ...
User Rank: Author
11/12/2015 | 7:06:07 AM
Re: Public email account
That could be said of any public computing service.

To me, the problem is Comcast did not encrypt the data it stored for the passwords. Sloppy.