Over 4000 Comcast customer passwords exposed

A list of over 8000 (4000 after duplicates were removed) Comcast customer usernames and passwords has been floating around the web for the past two months, unprotected. The list was made available on Scribd, a file-sharing website where someone by the name of 'vuthanhan2004' had uploaded the list, which had been viewed over 345 times, and downloaded over 25 times, according to an article by the NYTimes.

"It is possible that the people on the list divulged their passwords in response to some kind of phishing message, and that Comcast itself is not to blame," said Kevin Andreyo, an educational technology specialist in Reading, Pa. Mr Andreyo found the list after searching for his email address on a search engine, curious as to what information was being held about him. To his surprise, he found his email and password on the list.

According to the article, Comcast replied, saying that they did not believe the list came from Comcast, which, if true, means the list is more likely to have originated from phishing attacks. Comcast said that the duplicated data in the list and lack of a formal structure made it unlikely to have originated from Comcast. Comcast has announced it will be freezing the email accounts of all those mentioned, and educating them on using secure passwords, as well as offering them McAfee Security Suite, which is freely available to all Comcast customers. It was also pointed out that after duplicates had been removed, the list contained about 4000 user details, as opposed to the original 8000.

Report a problem with article
Previous Story

Review: Noby Noby Boy

Next Story

Wrath of the Lich King tops PC game sales in February

19 Comments

Based on an initial analysis of the document, we have identified that only about 700 of these accounts are real. The list was likely generated as the result of a phishing scam or some kind of malware that affected customer computers.

We have no reason to believe that any Comcast systems have been compromised.

The site has removed the document.

We are in the process of freezing access to any customer̢۪s account on that list and are in the process of proactively contacting customers to let them know about this situation and the steps they can take to help protect themselves.

Comcast takes customer privacy very seriously and it is precisely because of times like this that we have been providing free security software and tools for years to help customers protect themselves from phishing scams and malware.

i seriously doubt McAfee or anything else for that matter will protect users from clicking blindly at anything and everything that pops up. I repair tons of systems where users flat out admit that they ignore messages like that, and just click it away, and they also dont care when i recommend that actually read it.

I agree with you but the fact that i only send and receive Comcast email on an iphone for Ebay and I never click on links and I'm smart enough to know not to give my credentials up to anybody for any reason tells me this was a result of Comcast and not a phishing scheme.

boogerjones said,
I'd like to think a company like that stores hashes in their databases instead of raw passwords.

The list didn't come from their database directly. It was either already decrypted, or the logins were found through phishing instead of being stolen from Comcast.

Either way, what does anyone expect from Comcast? Too bad those stuck with it as their only cable broadband provider HAVE NO CHOICE but to continue using it. Some Dick Cheney @&*$^!*@&$*!%$ is going to say we can't regulate the industry, but what else is going to get monopolistic companies like Comcast to reform?

"According to the article, Comcast replied, saying that they did not believe the list came from Comcast"

As if I need another reason to hate Comcast. Its funny how no other company I do business with has as many issues as Comcast. And they are always quick to dismiss blame.

List of problems I've had with Comcast:
Caller Id comes up in someone elses name... even though I ported the number
Call waiting second call goes to a doctors office.
DVR doesn't record the shows I want
DVR records shows that aren't set to record
DVR records a 60 minute show, says it recorded 690 minutes... and fills the hard drive
Stations I pay for say "please wait"
Customer service says its a problem with the line in my house.... which was installed by Comcast
Scheduled to add cable to my bedroom, tech came, told me he didnt have enough time, said he would come back the following Tuesday....that was 2 months ago still no tech.
My Comcast email used for Ebay on which I have active sales is now locked... with no contact from Comcast as to unlocking it.

Just checked Verizon Fios availablity in my area and its now available!!! This is great because the last time I complained about service to a Comcast rep they specificly said to me "Who are you going to switch to? FIOS isn't available in your area yet" Well, now it is!!!!!


"Who are you going to switch to? FIOS isn't available in your area yet"

That's when I get really sarcastic and tell them something like, "A string and two cans would be better than you morons."

TOOLaudiofan said,
"According to the article, Comcast replied, saying that they did not believe the list came from Comcast"

As if I need another reason to hate Comcast. Its funny how no other company I do business with has as many issues as Comcast. And they are always quick to dismiss blame.

List of problems I've had with Comcast:
Caller Id comes up in someone elses name... even though I ported the number
Call waiting second call goes to a doctors office.
DVR doesn't record the shows I want
DVR records shows that aren't set to record
DVR records a 60 minute show, says it recorded 690 minutes... and fills the hard drive
Stations I pay for say "please wait"
Customer service says its a problem with the line in my house.... which was installed by Comcast
Scheduled to add cable to my bedroom, tech came, told me he didnt have enough time, said he would come back the following Tuesday....that was 2 months ago still no tech.
My Comcast email used for Ebay on which I have active sales is now locked... with no contact from Comcast as to unlocking it.

Just checked Verizon Fios availablity in my area and its now available!!! This is great because the last time I complained about service to a Comcast rep they specificly said to me "Who are you going to switch to? FIOS isn't available in your area yet" Well, now it is!!!!!

used to do comcast tech support
ur not alone, 80% of my calls were ppl like u, 15% were ppl whod beg for help and have already lost hope, 5% were good calls
I was able to help most of my customers, but i knew very well theyd be callin back and that they hated the company but didnt wanna blow up on an employee who did nothing 2 them
Oh and, when i worked there they repeatedly kept taking away our abilities to help ppl by limiting our access, and all wed do is escalate tickets to people who were REALLY dumb..whod not even read the ticket and throw it away(i used to follow up on em)

Neoauld said,
used to do comcast tech support
ur not alone, 80% of my calls were ppl like u, 15% were ppl whod beg for help and have already lost hope, 5% were good calls
I was able to help most of my customers, but i knew very well theyd be callin back and that they hated the company but didnt wanna blow up on an employee who did nothing 2 them
Oh and, when i worked there they repeatedly kept taking away our abilities to help ppl by limiting our access, and all wed do is escalate tickets to people who were REALLY dumb..whod not even read the ticket and throw it away(i used to follow up on em)

Jesus, and I though working for AT&T Mobility was bad. AT&T's idea of fixing a problem is selling the customer hundreds of dollars worth of phones and accessories.

TOOLaudiofan said,

Jesus, and I though working for AT&T Mobility was bad. AT&T's idea of fixing a problem is selling the customer hundreds of dollars worth of phones and accessories.

oh we were still expected to turn these calls in sales
i once had a supervisor tell me a sale is more important than helping the customer

Don't they store the passwords as secure hashes? Unless their IT department is criminally stupid there's no way the data could have come from Comcast.

Yea, something like this I would find it hard to believe it was a comcast leak...now if there were 7 digit counts, thatd be different...that would be far fetched for phishing

vuthanhan2004 = Vu Thanh An
He is a Vietnamese song writer born in 1941, who's well known for his classic love songs.
Just some factoid...

Commenting is disabled on this article.