TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
 ·Sprint Mobile Broa..
 ·Comcast
2 edits |  Passwords of 8,000 Comcast Customers Exposed
»bits.blogs.nytimes.com/2009/03/1···exposed/
Passwords of 8,000 Comcast Customers Exposed
A list of more than 8,000 user names and passwords for customers of Comcast, one of the nation’s largest Internet service providers, sat unprotected on the Web for the last two months.
Kevin Andreyo, an educational technology specialist in Reading, Pa., and a professor at Wilkes University, came across the list Monday on Scribd, a document-sharing Web site.
Statistics on Scribd indicated that the list, which was uploaded by someone with the user name vuthanhan2004, had been viewed over 345 times and had been downloaded 27 times.
Mr. Andreyo informed Comcast, the F.B.I. and several technology journalists about the breach on Monday morning, but the document only disappeared at 1:45 p.m. when I contacted Scribd aboutit.
I have asked Comcast how the information got online. It is possible that the people on the list divulged their passwords in response to some kind of phishing message, and that Comcast itself is not to blame. Will Comcast notify users their passwords may have been stolen?
If you want to check and see if your id & pw was exposed, it is still available on Google search cache:
»www.scribd.com/doc/9723141/ComCa···lang_en" >209.85.173.132/search?q=cache:u_···=lang_en |
|
AVonGauss
Premium,MVM
join:2007-11-01
Boynton Beach, FL
| And the update answers your very question...
Update: Comcast said it did not believe the information came from inside the company, pointing to duplicated data on the list and the lack of structured information like account numbers.
“We have no reason to believe this came from Comcast. It looks like a phishing or related type of scheme,” said Jennifer Khoury, a Comcast spokeswoman. (Asked about this possibility earlier today, Mr. Andreyo said that he doubted he was ever the victim of a phishing scheme.)
Ms. Khoury said that Comcast was freezing the e-mail accounts of the customers on the list and contacting them to educate them about using safe passwords. She said the company would also urge them to download McAfee Security Suite, software that is made available free to all Comcast users.
As inconvenient as it is, people should really be using different passwords for each web site until a better scheme is developed and widely adopted to secure accounts. |
|
tshirt
Premium,MVM
join:2004-07-11
Snohomish, WA
·Comcast
| reply to TKJunkMail
Already being done.
"Ms. Khoury said that Comcast was freezing the e-mail accounts of the customers on the list and contacting them to educate them about using safe passwords"
Noitice the named discoverer, Kevin Andreyo admitted in the article that has comcast password was his usual online password for EVERYTHING except his bank.
Net security relies on EVERYONE, individually, to not make stupid choices so comcast's choice to educate, beyond the basic notification is a good idea.
Perhaps they should begin a proactive education campaign for ALL subscribers, before this happens again. |
|
comcastcares
join:2007-11-20
Philadelphia, PA
| reply to TKJunkMail
I wanted to provide a quick update. First as the posts here indicate, it is important for everyone to be vigilant regarding Phishing attacks. We do have the McAfee software available for free to Comcast Customers at security.comcast.net. After reviewing the list in more detail there were about 700 active accounts. The others were inactive. We will reach out to those impacted. |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ
·Sprint Mobile Broa..
·Comcast
| said by comcastcares  :I wanted to provide a quick update. First as the posts here indicate, it is important for everyone to be vigilant regarding Phishing attacks. We do have the McAfee software available for free to Comcast Customers at security.comcast.net. After reviewing the list in more detail there were about 700 active accounts. The others were inactive. We will reach out to those impacted. Glad to hear it. Fast work by Comcast after they became aware of the problem.
--
My BLOG .. .. Internet News .. .. My Web Page |
|
TKJunkMail
Enjoy the sun
Premium
join:2002-03-03
Avalon, NJ | Re: Passwords of 8,000 Comcast Customers Exposed
Falling for phishing attacks is the users fault. You can't blame ISPs for the moronic action of their users. |
|
excuses excuses
@verizon.net
| said by TKJunkMail :Falling for phishing attacks is the users fault. You can't blame ISPs for the moronic action of their users. Sounds like Comcast is "fishing" for an excuse, they did not and cannot prove that that users were giving out their usernames and passwords, they most likely had a breach on their network. |
|
TROLL131313
join:2004-12-21
Horsham, PA
·Comcast
| said by excuses excuses :said by TKJunkMail :Falling for phishing attacks is the users fault. You can't blame ISPs for the moronic action of their users. Sounds like Comcast is "fishing" for an excuse, they did not and cannot prove that that users were giving out their usernames and passwords, they most likely had a breach on their network. If there were account numbers and other personal information listed, then I would believe it was a breach of CC's inner system.
The only other cause I can think of, is when CC's home.net domain got hacked. It could be a list of users that tried to log in at that time. But still, if that were the case, there would be more info then what was found. |
|
excuses excuses
@verizon.net
thumbs down from:
TKJunkMail
| said by TROLL131313 :said by excuses excuses :said by TKJunkMail :Falling for phishing attacks is the users fault. You can't blame ISPs for the moronic action of their users. Sounds like Comcast is "fishing" for an excuse, they did not and cannot prove that that users were giving out their usernames and passwords, they most likely had a breach on their network. If there were account numbers and other personal information listed, then I would believe it was a breach of CC's inner system. The only other cause I can think of, is when CC's home.net domain got hacked. It could be a list of users that tried to log in at that time. But still, if that were the case, there would be more info then what was found. I agree, but for Comcast to come out of the starting gate and blame users without knowing what really happened is still a lame excuse. |
|
JSRoman
Premium
join:2005-03-10
Callahan, FL | Is that what they said? You need to read Comcast's response again. |
|
avd706
insert annoying animated gif here
Premium
join:2003-02-06
Union, NJ
1 edit | said by JSRoman :Is that what they said? You need to read Comcast's response again. quote:
I wanted to provide a quick update. First as the posts here indicate, it is important for everyone to be vigilant regarding Phishing attacks. We do have the McAfee software available for free to Comcast Customers at security.comcast.net. After reviewing the list in more detail there were about 700 active accounts. The others were inactive. We will reach out to those impacted.
There is an implication that it is the users fault for getting fished or allowing malware on their systems. |
|
AVonGauss
Premium,MVM
join:2007-11-01
Boynton Beach, FL
| reply to excuses excuses
said by excuses excuses :
I agree, but for Comcast to come out of the starting gate and blame users without knowing what really happened is still a lame excuse.
In fairness, you are doing exactly what you are accusing Comcast of doing. In truth, none of us know really how that list was created or how it got posted other than the user name used to post it.
Until further investigations turn up more avenues to pursue, I think Comcast has done all that they can at the moment by disabling the accounts temporarily until they can get in contact with the customer by an alternate means. |
|
S_engineer
join:2007-05-16
Chicago, IL
·Comcast
| reply to AVonGauss
Re: Passwords of 8,000 Comcast Customers Exposed
Comcast came out of the box blaming the customer ....whether they are right or wrong regarding the strength of user passwords is irrelevant. This shows that either ....
-A comcast employee posted these or leaked it to someone that did or
-They can't secure your passwords from someones phishing expedition
Either way, this is by no means is the consumers fault!
The McAfee suite is a terrible excuse for a preventative software suite. Why not just offer CA brand anti virus...
--
"When I was in junior high school, the teachers voted me the student most likely to end up in the electric chair."---Sylvestor Stallone |
|
AVonGauss
Premium,MVM
join:2007-11-01
Boynton Beach, FL
1 edit | said by S_engineer :-They can't secure your passwords from someones phishing expedition Other than education, how exactly does a web site or company prevent or otherwise secure a user from a phishing expedition? |
|
rody_44
Premium
join:2004-02-20
Quakertown, PA
·Comcast
1 edit | reply to TKJunkMail
you would be surprised but very very few people from within comcast would even have access to both the user name and password. the user name yes, the password no. they are not comcast generated passwords from within comcast so its safe to assume its a phishing scheme. |
|
normanbatez
join:2008-08-07
| reply to TKJunkMail
the encryption technology used for emails no one would actually have access... the list consisted of the same email address multiple times and no account information this was phishing or a virus like they indicated. I am sure comcast just wanted to make sure their customer's were not alarmed by releasing information stating it was not an internal leak they will figure out the cause of it by comparing the customer's that were affected. |
|
