Categories: Breaking NewsCyber CrimeData Breach

200,000 Comcast login credentials available on the Dark Web

During the weekend, nearly 590,000 Comcast email addresses and passwords were offered for sale on a BlackMarket in the dark web.

It is now the turn of Comcast, over the weekend nearly 590,000 Comcast email addresses and passwords were offered for sale on a BlackMarket in the dark web. As proof of the authenticity of the Comcast data, the seller published a list of 112 accounts requesting 300 USD for 100,000 accounts, the entire list of 590,000 accounts goes for $1,000 USD.

The discovery of the singular sale was made first by an individual owning the Twitter account @flanvel, which promptly contacted Salted Hash to report it the news.

Comcast was in possession of the list and it was checking the leaked data, it seems that of the 590,000 records offered for sale on the black marketplace about 200,000 of them were still active.

Although they represent a minor part of the bulk data sold by crooks, we can not overlook the fact that the credentials offered could be used to take over the Comcast accounts.

According to the Comcast security team, the systems of the company have not been compromised, every user that will report suspicious activity on his account will be contacted singularly to solve the issue.

It is likely that the data still active and valid comes from a collection of data resulting from other data breaches, they are almost certainly recycled.

Online it is quite easy to find collections of data that come from malware-based attacks, data breaches, and phishing attacks. Unfortunately, users have the bad habit of sharing the same login credentials among different services online, when one of them is compromised attackers can access all the other web services.

In the specific case the list of Comcast login credentials was circulating online since last week, it is likely someone decided to offer it for sale.

Summarizing Comcast wasn’t the victim of a data breach, the company has reset nearly 200,000 passwords after customer list was discovered.

Pierluigi Paganini

(Security Affairs – Comcast, Dark Web)

Pierluigi Paganini

Pierluigi Paganini is member of the ENISA (European Union Agency for Network and Information Security) Threat Landscape Stakeholder Group and Cyber G7 Group, he is also a Security Evangelist, Security Analyst and Freelance Writer. Editor-in-Chief at "Cyber Defense Magazine", Pierluigi is a cyber security expert with over 20 years experience in the field, he is Certified Ethical Hacker at EC Council in London. The passion for writing and a strong belief that security is founded on sharing and awareness led Pierluigi to find the security blog "Security Affairs" recently named a Top National Security Resource for US. Pierluigi is a member of the "The Hacker News" team and he is a writer for some major publications in the field such as Cyber War Zone, ICTTF, Infosec Island, Infosec Institute, The Hacker News Magazine and for many other Security magazines. Author of the Books "The Deep Dark Web" and “Digital Virtual Currency and Bitcoin”.