Please create an account to participate in the Slashdot moderation system

 



Forgot your password?
typodupeerror
×
Crime Privacy Security

Comcast Resets Nearly 200,000 Passwords After Customer List Goes On Sale (csoonline.com) 43

itwbennett writes: Over the weekend a Dark Web marketplace had 590,000 Comcast email addresses and passwords for sale, offering the entire list for $1,000, writes CSO's Steve Ragan. Saturday evening Ragan contacted Comcast about the accounts being sold online and learned that Comcast had 'already obtained a copy of the list' and was checking it against their customer base. 'Of the 590,000 records being sold, only about 200,000 of them were active,' Comcast said. Still unknown is the source of the data being sold online, although signs point to it being recycled.
This discussion has been archived. No new comments can be posted.

Comcast Resets Nearly 200,000 Passwords After Customer List Goes On Sale

Comments Filter:
  • by Joe_Dragon ( 2206452 ) on Monday November 09, 2015 @03:17PM (#50895727)

    Good time for a phone scam.

    By calling people and saying that you are from Comcast and that we need to reset your password and asking them for the info + there new password.

    • Still unknown is the source of the data being sold online, although signs point to it being recycled.

      So, they got the info out of the Recycle Bin?

  • by Alain Williams ( 2972 ) <addw@phcomp.co.uk> on Monday November 09, 2015 @03:38PM (#50895959) Homepage

    it is also all the other places where people have used the same password and have used the same email address. Comcast must contact all 590,000 people - not just the 'active' ones; people might not be active comcast customers but many will still be real people who must be told that an old supplier has f**ked up and revealed their password.

    It is unacceptable for comcast to say: old customer, not important; they should not have reused their password - so not our fault. I agree that password reuse is stupid, but the world is full of stupid people.

    • by ZipK ( 1051658 )

      Comcast must contact all 590,000 people

      "Can I please place you on hold? Thank you, I am now transferring you to the department that handles this function."

      Click. Click.
      (Silence)
      Click.

      "Hello, and welcome to Comcast customer service. We are currently experiencing higher than normal volumes, but be assured that your call will be handled as soon as a customer service agent is available. Please hold."

      (Music)

      "Have you heard about Comcast Xfinity bundles? Comcast Xfinity bundles offer customers the opportunity to right-size their services!"

    • "It is unacceptable for comcast to say: old customer, not important; they should not have reused their password - so not our fault. "

      Which is why probably why Comcast did not say that: "However, playing the better safe than sorry card, Comcast will assume the passwords on the matching accounts are valid and force a reset."

      With all of the veritably bad actions that Comcast is taking, there's no need to make stuff up.

  • by Anonymous Coward

    Still unknown is the source of the data being sold online, although signs point to it being recycled.

    It's good to hear that the hackers care about the environment.

  • "Customers impacted by the password resets will be dealt with on a case-by-case basis. When asked, a Comcast representative confirmed that their security teams were certain that none of their systems or apps had been compromised."

    Uh... EXCUSE ME?! If my account was compromised I want to know NOW - I rarely login to my account as I have my own email and get my bill mailed to me.

    sigh... going to check now...

    • Re: (Score:2, Insightful)

      by Anonymous Coward

      "Customers impacted by the password resets will be dealt with on a case-by-case basis. When asked, a Comcast representative confirmed that their security teams were certain that none of their systems or apps had been compromised."

      Uh... EXCUSE ME?! If my account was compromised I want to know NOW - I rarely login to my account as I have my own email and get my bill mailed to me.

      sigh... going to check now...

      Ok.. the obvious question.... WHY is there a list of Comcast passwords? They've not heard of basic hashing?

    • Or, how about the fact (yes, fact) that most people [citation needed] use the same password for a variety of services? A unique enough email address can lead to one's online identity being discovered, and now the nefarious turd has your password.

      Then again, maybe the person already checked those vectors and is just trying to make a little more money off the list.

  • by romanval ( 556418 ) on Monday November 09, 2015 @04:00PM (#50896191)

    Who the hell stores plaintext passwords anymore? You'd think that should be illegal...

    • by Anonymous Coward

      Who the hell stores plaintext passwords anymore? You'd think that should be illegal...

      Passwords don't need to be store as plaintext to determine them, there are techniques you can use to recover hashed passwords, as long as they're 14 characters or less.

  • by Noah Haders ( 3621429 ) on Monday November 09, 2015 @04:14PM (#50896339)

    There's a larger issue of password reuse. It's likely that many of the 590k people on the list feuse passwords, which means you can just start an auto logging script to get into email, banks, everywhere.

  • Recycled means it came from other sources, not from going into Comcast.

    They flagged the guy as a scammer, too. Honor amongst thieves?

    It's all in TFA

Solutions are obvious if one only has the optical power to observe them over the horizon. -- K.A. Arsdall

Working...