The company claims it is the result of a phishing scheme

Mar 18, 2009 12:56 GMT

A user curious about how much of his personal information was available on the Internet stumbled upon a document containing some 8,000 usernames and passwords belonging to Comcast customers. After checking the file, the Internet service provider disabled around 700 active accounts and said the list was most likely the result of phishing.

Kevin Andreyo, an educational technology specialist and professor at Wilkes University, read an article about social search engines, services that dig through the Web for information about people. Curious to see how much about himself had leaked into the public domain, Mr. Andreyo did a little research using the freely available Pipl search engine.

The professor searched for his e-mail address and found it in a file that had been uploaded to the Scribd document-hosting service. The file was actually a list containing the login credentials of customers of Comcast, one of the largest cable and Internet providers in the U.S. He reported the incident to the company, the FBI and The Times.

According to The Times, the document had registered 345 views and 27 downloads at the time the newspaper notified Scribd, which subsequently took it down. Unfortunately, as Mr. Andreyo admitted, he was using the password disclosed in the file for almost everything except online banking. "Someone could just go in and pull up all your archived messages, and then they have everything about you," he commented.

In a statement given to DSLReports.com, Comcast maintained that, "Based on an initial analysis of the document, we have identified that only about 700 of these accounts are real. The list was likely generated as the result of a phishing scam or some kind of malware that affected customer computers. We have no reason to believe that any Comcast systems have been compromised."

Before settling on a number of 700, the company initially acknowledged 4,000 accounts, but later said that many of them were either inactive or duplicates, or that they did not belong to Comcast customers. Comcast disabled the compromised usernames and is in the process of notifying its affected clients.

"Comcast takes customer privacy very seriously and it is precisely because of times like this that we have been providing free security software and tools for years to help customers protect themselves from phishing scams and malware," a company spokesperson stressed. Comcast is offering McAfee Security Suite licenses for free to all of its customers.