It is now the turn of Comcast, over the weekend nearly 590,000 Comcast email addresses and passwords were offered for sale on a BlackMarket in the dark web. As proof of the authenticity of the Comcast data, the seller published a list of 112 accounts requesting 300 USD for 100,000 accounts, the entire list of 590,000 accounts goes for $1,000 USD.
Comcast was in possession of the list and it was checking the leaked data, it seems that of the 590,000 records offered for sale on the black marketplace about 200,000 of them were still active.
Although they represent a minor part of the bulk data sold by crooks, we can not overlook the fact that the credentials offered could be used to take over the Comcast accounts.
According to the Comcast security team, the systems of the company have not been compromised, every user that will report suspicious activity on his account will be contacted singularly to solve the issue.
It is likely that the data still active and valid comes from a collection of data resulting from other data breaches, they are almost certainly recycled.
Online it is quite easy to find collections of data that come from malware-based attacks, data breaches, and phishing attacks. Unfortunately, users have the bad habit of sharing the same login credentials among different services online, when one of them is compromised attackers can access all the other web services.
In the specific case the list of Comcast login credentials was circulating online since last week, it is likely someone decided to offer it for sale.
Summarizing Comcast wasn’t the victim of a data breach, the company has reset nearly 200,000 passwords after customer list was discovered.
(Security Affairs – Comcast, Dark Web)