US internet and cable TV provider Comcast has had to reset the passwords of 200,000 customer accounts after discovering that a huge list of Comcast customer details was being sold on a dark web marketplace.
The list, which consisted of 590,000 email addresses and passwords, was discovered on the dark web over the weekend by Twitter user @flanvel, who contacted IT security magazine CSO, however CSO reports that when it contacted the provider, Comcast had already obtained a copy of the list and was checking it against its customer base.
The dark web is a section of the internet not discoverable by conventional means through a Google or Bing search, or by directly entering a website URL.
As the websites are hidden, they are perfect for cyber criminals, who put thousands of goods and services for sale on secret underground marketplaces, which include illegal drugs, chemicals, firearms and counterfeit goods, as well as adverts for services such as hacking, gambling and sports betting.
Comcast account details list selling for $1,000
Comcast's security team found that out of the 590,000 customer accounts listed, only 200,000 accounts were still active, meaning that 60% of the list was based on outdated or false information, but just to be safe, the provider decided to reset the affected accounts anyway.
However, the list of Comcast customer details was selling for a pretty penny on the dark web – the seller was selling 100,000 accounts for $300 (£199), or you could choose to buy the entire list for $1,000.
Comcast told telecoms magazine FierceCable that the customer email addresses and passwords were likely obtained through the "online activities" of its customers, and stressed that its servers had not been hacked.
Passwords stolen in phishing attacks
So, for example, customers might have been fooled by a phishing scam, whereby a spam email sends the person to a fake website masquerading as a real Comcast login page, and the user is fooled into entering account details, or perhaps the person clicks on an email attachment and it installs malware on to the customer's computer.
On the plus side, the post on the dark web marketplace has only seen one sale, which could well be from Comcast itself, and since 60% of the list consisted of old recycled account details that were no longer accurate, hackers probably won't have confidence in buying from the seller.
With the customer passwords reset, to Comcast the matter is closed, but perhaps the provider should invest in better cybersecurity education for is customers, as a 9 November blog post on the Comcast website entitled "Rolling up our sleeves with the cybersecurity leaders of tomorrow" ironically urges.