Comcast Accidentally Published 200,000 'Unlisted' Phone Numbers

An anonymous reader quotes a report from Ars Technica: Comcast mistakenly published the names, phone numbers, and addresses of nearly 200,000 customers who paid monthly fees to make their numbers unlisted. The names and numbers were made available on Ecolisting, a directory run by Comcast, and picked up by third-party directories. After discovering the mistake, Comcast shut Ecolisting down, gave $100 credits to affected customers, and advised them that they can change their phone numbers at no charge. This is similar to a mistake in the early 2010s that resulted in Comcast paying a $33 million settlement in 2015.

The Denver Post reported last week: "For years, customers have had the ability to pay a small sum per month to ensure their phone numbers and personal information remain off of telephone and online directories. But in January and February, thousands of people across the country received letters from Xfinity telling them the company had inadvertently published personal information on Comcast's online directory, Ecolisting.com. The issue affected 2 percent of Comcast's 9.9 million voice customers, the company said." In a statement to Ars, Comcast said, "We have corrected this issue for our identified customers, apologized to them for this error, and given them an additional $100 credit. We are working with our customers directly to address this issue and help make it right, and are taking steps to prevent this from happening again."

Comcast also warned that "this information could be available on online directories or through other public sources that Comcast does not control." If that's the case, the company advises contacting those online directories directly and/or changing your Xfinity Voice telephone number.

Re:

[BeerFartMoron]

This go-around, Comcast needs to add 3 more zeroes to the end of that fine amount......

I would agree. According to their own numbers they've "paid" just under $20 million in $100 credits. Compared to how much they made while providing the access to the data or how much they could be fined for doing so, that sounds like a huge bargain.

Ima get some popcorn.

You put 'unlisted' in quotes...

[fustakrakich]

You should have put "Accidentally" in quotes

"Unlisted" has a specific meaning

[Solandri]

Or at least it did back in the days of landlines. It meant your phone number did not show up in the master directory of phone numbers. i.e. The White Pages [wikipedia.org]. That was a big book delivered to every house which listed all the phone numbers in your area, minus the unlisted ones. The pages were colored white, to distinguish them from the Yellow Pages, which were commercial business listings and advertisements.

I'm not quite sure what "unlisted" would mean in this post-landline world. I've never seen the ce

People on that list...

[ELCouz]

Funny that nobody cared handling that confidential data. Some are victims that requested the phone/address data to stay private. Do it now and apologize later that's the motto now.

Re:

[nonBORG]

Not just that, your number may be listed in online directories and it is your problem if it is. All care no responsibility.

E. Coli Sting?

[KavyBoy]

What a strange name for a web site: e. coli sting.

I had to check it out to see what it really was supposed to be.

Now I'm off to Expert Sex Change dot com to see what that's about.

Re:

[Krishnoid]

And when you're ready to go through with it, make sure you sign the consent forrms with a high-quality pen -- from your friends at Pen Island.

How much to change address?

[Anon42Answer]

Ok, $100 to change phone number. A huge hassle but not insurmountable. How much to change ADDRESS? That info being published should result in a lot higeh payment to customers.

Re:

[SharpFang]

Well, at least Comcast doesn't have to worry about being sued by these most affected by the leak, since dead can't sue.

Re:

[account_deleted]

Comment removed based on user account deletion

Too late

[PPH]

That list is out there now. And it still has value to analyze past call metadata.

Who's going to jail?

[AndyKron]

Comcast should get 200,000 lawsuits now

Re: Who's going to jail?

[astrofurter]

Everyone knows in Soviet America state companies like Comcast are above the law.

Hilarious, Part II

[JustAnotherOldGuy]

The second hilarious article I've read on /. today.

The first was the "Bitcoin Drops Almost 30 Percent" article, but this one actually made me laugh.

"Pay us money to keep your number private, we'll make sure it's safe and secure and.....oops, it's out there. You want a refund? Errrrr....let me talk to customer service about that, can I put you on a short hold?"

So What ?

[speedlaw]

The prior idea of an unlisted number, back when, oh, there were big books of numbers, printed by the phone company every year, made sense. Today, every spammer who needs to eat shit and die in a fire just runs a random number generator, hitting your whole exchange en masse. I've three phone numbers in my office and they all light up pretty much the same time with the same spoofed CID from my local exchange so it looks like a legit local call.

Happened to me with Ameritech

[blastard]

I paid the money for an unlisted, unpublished number. It was a very nice number to have. All of a sudden I started getting sales calls.
  Contacted Ameritech and they did readily admit they somehow accidentally changed it. Thanks for them screwing up, I had to change my number and give up a good memorable number.

Worth noting that they make money when they complete calls to your phone, so it is in their best interest to have your number out there.

Unlisted

[Anachronous Coward]

Maybe they thought that was like inflammable.

Pay money for this?

[martinX]

You have to pay money so they don't list your phone number?

Phone number security or lack of ...

[dogsbreath]

Phone number publishing has never been very secure. For example: configuring your phone, landline or mobile, to not send caller id does not prevent the id from being sent. The source system sets a flag to not display the id at the destination but always sends the information. It is up to the destination system to respect the flag or not. It is not unusual to have the caller id not show up on the called phone line but if you leave a voice mail, the message system will dutifully record and play back the calling number. The phone switch respected the flag but the voice mail system did not.

Similarly, I have seen telco directories that just set a "do not publish" flag on a number but publish the entire database to other clients or customers. It is up to that consumer of the database to properly respect the setting.

For most of us this is just an annoyance. We are pissed off that we paid for something that doesn't do what we expected. For others, especially vulnerable people who are trying to distance themselves from an abuser, the lack of security can be deadly.

Unless someone is jailed

[freedom_india]

Sadly no one will be jailed esp when the details involve those under witness protection. Once you throw a few top executives in jail and sentence them for 23 years, you will find Comcast suddenly obeying the law. It would also mean zero campaign contributions to politicians.