One of the major cable giants, Comcast, announced that it has forced the password reset of 200,000 of its customers after an offered list of password and email addresses of 590,000 Comcast customers was put up for sale on the dark web. Comcast denied the breach, but in the abundance of caution had reset the passwords of 200,000 of the 590,000 customer accounts that were publicly published for sale. Comcast determined that of the 590,000 accounts only 200,000 were active according to a company spokesperson.
Comcast stated that a breach was not the source of the revealed data, but instead that it is the result of a phishing scam. Comcast also said that since three-quarters of the list that was put up for sale contained inactive accounts, it would appear that this is not a recent breach or the list would contain a much higher percentage of active accounts. Hackers often will include data that was taken from a previous data dump, or put together a collection of recycled dumps mixed in with a more recent one to enlarge the numbers, hence collecting more revenue for their illegal sale of customer account data.
The hacker responsible for the posting of the accounts on the dark web scorned Comcast’s phishing scenario and on November 10, 2015 claimed he or she was offering new Comcast account data for sale to the tune of $1,000 for all 590,000 email addresses and passwords or $300 for increments of 100,000 each. The hacker claimed the data theft was easily accomplished because Comcast had stored the passwords in plaintext, something Comcast has been accused of before.
Comcast has a history of denying culpability in breaches in its past. In 2009 a breach at Comcast had exposed plaintext passwords, but the company denied it had been breached, and again claimed it was the result of phishing.
A more recent attack came in February, 2014 when 34 Comcast email servers were reportedly hacked by a hacker group known as NullCrew FTS. The hacker group then published on Pastebin a list of the Comcast mail servers with a link to the root file that contained the access vulnerability or open door if you will. Comcast again claimed there had been no intrusion and denied any loss of its customer’s personal information for a full 24 hours; it was only after the hackers removed the post on Pastebin 24 hours later that Comcast issued the following statement:
A Comcast spokesman said:
We’re aware of the situation and are aggressively investigating it. We take our customers’ privacy and security very seriously, and we currently have no evidence to suggest any personal customer information was obtained in this incident.
The vulnerability NullCrew FTS used to hack the Comcast mail servers had been discovered and a patch to fix the problem was disclosed in December of 2013, but apparently Comcast never utilized the patch to secure their servers, which essentially is like leaving the door unlocked for cyber thieves to gain access to Comcast customer’s usernames, passwords and other sensitive information on the company’s servers.
A spokeswoman from Comcast said, “This was not a breach of our system” and also claimed that the data “wasn’t taken from our servers/databases.” According to Comcast the cyber intrusion may have been the result of malware, or a third-party site that contained the account data on Comcast customers or a phishing scheme that customers themselves fell victim to on their own. The spokeswoman also stated that Comcast would not be offering credit monitoring services to the 200,000 subscribers who were affected because Comcast itself was not breached.
In what comes as a surprising response, or lack thereof, the company stated it had not requested law enforcement to investigate because the cyber theft occurred outside of its network and therefore had no offerable information that would be of use. In the cyber security field this tack by Comcast is not really surprising given the company’s past history of denying any responsibility in previous breaches, but it is still a bit shocking to see a cable giant this size simply leave their customers to fend for themselves.
Additional Resources About This Breach: