Over the weekend, a list of over 590,000 Comcast accounts was auctioned through a trading site on the Dark Web. In response, Comcast changed the login credentials of active accounts.
According to CSO, the vendor that put the hacked Comcast account list up for sale provided 112 accounts as proof that they were indeed from Comcast subscribers. The seller was offering 100,000 accounts for $300. The full set of 590,000 was priced at $1,000.
However, Comcast denies any breach of its network that could have led to hackers obtaining its customers' account information. It says that only 200,000 of the 590,000 listed accounts are active and that the rest of the list is either inactive or filled with false information.
"We're taking this seriously and we're working to get this fixed for those customers who may have been impacted but the vast majority of information out there was invalid," says a Comcast representative.
The company alleges that the accounts were compromised because subscribers either downloaded malware or visited malware-laden portals. Phishing is another way the subscribers' account credentials could have been obtained.
Nonetheless, taking no chances, the Philadelphia-based cable company has begun to reset the passwords for all 590,000 accounts.
Moreover, as CSO notes, Comcast will deal with the affected clientele on a case-by-case basis. The company's security team ascertains that neither its system nor its apps were compromised.
Several lists of Comcast subscriber data have also circulated on the Internet in recent weeks. It is possible that the list recently auctioned on the Dark Web includes accounts from previously published lists.
As of Nov. 9, only a single purchase had been made, and CSO points out that it could very well be Comcast itself that purchased the full list, considering the speed at which the issue was dealt with.
According to the 2015 Cost of Data Breach Study by IBM, the average consolidated total cost of a data breach is $3.8 million. Moreover, each lost or stolen record will cost the company a consolidated average of $154.
Healthcare provider Anthem, dating portal Ashley Madison, the IRS and the United States Office of Personnel Management (OPM) recorded some of the biggest and most damaging data breaches of 2015.