Comcast customer data was up for sale for around $1,000

Nov 9, 2015 12:53 GMT

Comcast has put a stop to a cybercriminal's attempt to make some money on the back of the company's customers, and has forcibly reset the passwords for over 200,000 user accounts.

CSO's Steve Ragan was told of an alleged Comcast data breach by one of the site's readers, who pointed him to a Dark Web link where Comcast data was supposedly offered for sale.

Comcast data was available for sale on the black market

Investigating the issue further, Mr. Ragan arrived on a Dark Web marketplace where data of around 590,000 Comcast customers was available for around 3.23 Bitcoin (~USD $1,000), all with passwords in cleartext.

A sample of 112 Comcast accounts was offered as proof of the data's validity, and buyers also had the option to buy smaller samples of 100,000 Comcast user credentials for around $300.

Cybercriminals put up the listing last Thursday, November 5, and Mr. Ragan came across it on Saturday, November 7. As soon as he stumbled across the data, Mr. Ragan notified Comcast.

Only a third of the full customer data contained valid passwords

The company bought the data, and after a quick analysis, it found that only 200,000 accounts contained up-to-date information.

This led the Comcast team to believe the data was quite old, containing information from users who had changed their passwords in the meantime or were no longer Comcast customers.

To prevent any abuses, Comcast's engineers initiated a forced password reset for the 200,000 accounts that still had up-to-date password information.

A company representative told CSO that they were confident none of their apps, websites, or services had been compromised, either at the time or recently. This leads us to believe that the data may originate from phishing campaigns, or it may have been recycled from other breaches.

The Dark Web marketplace listing is still up but has since been marked as a "scam," meaning it is very unlikely that anyone will bother purchasing the data.