Around 200,000 Comcast customers received an email today letting them know their passwords had been reset. If that was you, it means your account was one of about 600,000 whose details were sold on a dark Web marketplace, according to a report from Engadget.
Though the seller claimed to be selling 590,000 accounts, it turned out only about a third of them were still active, valid accounts. Comcast quickly got hold of the list and reset the passwords on accounts whose emails were included, whether the passwords in the list were accurate or not. Because of the large number of invalid logins, the seller was reported by buyers and the listing was eventually pulled, but not before at least one buyer was able to purchase it.
The login info was discovered by Twitter user @flanvel, who stumbled across the details on a dark Web marketplace that also specializes in drugs, counterfeit products, weapons, and malware sales. The screenshot shows the seller asking 0.8098 bitcoin, or just over $300 at the time of publication, for a selection of 100,000 of the logins, or about $1,500 for the whole list. There’s also a short sample of the account info, listed in plain text, as proof that the data exists.
Anyone notice the 590K emails/plaintext passwords allegedly from Comcast being sold? pic.twitter.com/jbASQP0E2Y
— flanvel (@flanvel) November 7, 2015
It’s still not exactly clear where the login details came from, but with no major breaches reported recently, it’s likely the passwords were gathered over a longer period of time through several methods, such as phishing.
It’s also a great opportunity to remind everyone to use separate passwords for all of their different accounts. Access to a Comcast account is dangerous on its own, but that info can also be used to access any account that uses the Comcast email address with the same password, or to reset account passwords.