Over the weekend, a reader (@flanvel) directed Salted Hashto a post on a Dark Web marketplace selling a number of questionable, if not outright illegal goods. The post in question offered a list of 590,000 Comcast email addresses and corresponding passwords.
As proof, the seller offered a brief list of 112 accounts with a going rate of $300 USD for 100,000 accounts. However, one wished to purchase the entire list of 590,000 accounts, the final price was $1,000 USD.
Saturday evening, Salted Hash contacted Comcast about the account list being sold online. By the time our message reached them, Comcast had already obtained a copy of the list and their security team was checking each record against the ISP’s current customer base.
Of the 590,000 records being sold, only about 200,000 of them were active; meaning that more than 60 percent of the list was based on outdated or false information. However, playing the better safe than sorry card, Comcast will assume the passwords on the matching accounts are valid and force a reset.
Customers impacted by the password resets will be dealt with on a case-by-case basis. When asked, a Comcast representative confirmed that their security teams were certain that none of their systems or apps had been compromised.
The source of the data being sold online is still in question. But given that just over 30 percent of the Comcast records being advertised were active, the majority of the records being sold are almost certainly recycled.
This would mean the active accounts discovered by Comcast were possible Phishing victims, had malware installed on their systems, or had their Comcast email and password exposed during one or more of the massive data breaches that have gone public over the last few years.
Similar lists of Comcast data were circulated earlier last week, and it’s possible the list being sold on the Dark Web included some, if not all of the records in that earlier list.
Many of those commenting on the massive list speculated that it was recycled information – and tagged the seller as a scammer (a black mark among criminals trading in compromised data).
Ironically, one of the places where the earlier list of Comcast accounts was being published was a Reddit discussion about the list of 590,000 accounts on the Dark Web.
For now, the matter is considered closed.
The marketplace ad has generated a single sale since it was posted. The odds are good that Comcast themselves were the customer, especially given how fast they scrubbed the list and reset the handful of exposed accounts.