Comcast customer list for sale on Dark Web

The post in question offered a list of 590,000 Comcast email addresses and corresponding passwords. The ISP is changing the passwords on those accounts, and says the customers themselves are likely to blame for the breach.

A sample of 112 Comcast accounts was offered as proof of the data’s validity, and buyers also had the option to buy smaller samples of 100,000 Comcast user credentials for around $300.

The weekend sale of the information received one customer, presumably Comcast, judging by the speed with which the company handled the list and reset passwords on the accounts, CSO reported Monday.

Saturday evening, Salted Hash contacted Comcast about the account list being sold online.

“The vast majority of the information that’s out there was not accurate”, the spokeswoman said.

Ironically, one of the places where the earlier list of Comcast accounts was being published was a Reddit discussion about the list of 590,000 accounts on the Dark Web.

The Philadelphia, Pa.-based company has about 28 million customers, so 200,000 is a minuscule number.

Similar lists of Comcast data were circulated earlier last week, and it’s possible the list being sold on the Dark Web included a few, if not all of the records in that earlier list.

The Dark Web marketplace listing is still up but was marked in the meantime as a “scam”, meaning there are very low chances someone will bother purchasing the data. Still, it shows how readily online thieves slice and dice data, selling it like bushels of corn via online markets.

There’s little that someone with a stolen Comcast login and password information could do with it, beyond using it to stream television as full credit card information is not visible on the account screens, Comcast said.