Comcast Corporation, an American multinational mass media company found its user’s login credentials sold on the dark web during the weekend and asked its users to reset their passwords on Monday.
According to official sources, over 200,000 users are affected from the breach and are asked to reset their passwords with immediate affect.
The hacked credentials contain email ids and associated passwords. The data was sold on what is known as the black market of the internet “the dark web”
The dark web consists of networks that can only be accessed via specific software; they can’t be accessed over the public internet. Darkweb has always been used for trading things that are not legal to sell on the public internet and a perfect platform for hackers to sell leaked stuff.
In the past, child abuse images, stolen Spotify accounts and Bogus NYPD badges were also available for sale on the dark web.
Comcast found over 590,000 login credentials sold by the hackers of which at least 33 percent were genuine while the price set for these accounts was $1000 for the complete list and $300 for 100,000 credentials, reports the CSO.
Right after Comcast found this; they put all the accounts on verification and right after the verification required a password reset. But, the most intriguing fact of this breach is that all this data didn’t come off the breach of Comcast’s network, it’s a compiled data of many different breaches or steals from the hackers carried out recently or in the past.
“There’s no evidence that this is a breach, but we are working with the customers who were impacted to secure their account,” said Comcast spokeswoman Jenni Moyer.
The company believes customers are the ones to blame as they believe the customers are tricked into exposing their login credentials by the hackers through some malware, according to The Washington Post.
But, 200,000 users tricked into downloading and executing a malware is something difficult to believe, though, for some users it might be true. Overall the leaked data may have been picked up from numerous resources and past breaches of the company’s network might be one of those sources.
Comcast has over 28 million users so 200,000 is a very small portion of that, but it still is a theft and shows how vulnerable user data is.
Anyone notice the 590K emails/plaintext passwords allegedly from Comcast being sold? pic.twitter.com/jbASQP0E2Y
— flanvel (@flanvel) November 7, 2015
Furthermore, the company claims that leaked data is not enough to steal user’s credit card details so not much to worry about. But, a fact about users and password really make things interesting. Most users have same passwords on all the networks to allow them to remember passwords easily.
So, what it means is that if a hacker leaks password of an account he has basically leaked passwords of many other networks and even if the users change their hacked password they have given hackers that one hint he is looking for stealing passwords.
Only way out is to keep a strong password for all the accounts you make otherwise hackers can cause you a lot of damage.
Comcast Corporation, formerly registered as Comcast Holdings, is an American multinational mass media company and is the largest broadcasting and largest cable company in the world by revenue.
The Washington Post