Some observers note that 590,000 Comcast e-mail addresses and accompanying password recently showed up on several Darknet markets over the last week (for about $300 per 100,000 addresses). I've confirmed with Comcast that the user data (first spotted by CSO.com) is genuine.
Comcast notes that only about 200,000 of the accounts were currently active, and the company is in the process of resetting all of the accounts' passwords.
The cable operator also stated that the password resets will be dealt with on a case-by-case basis. The company also claims it's certain that none of their systems or apps were currently compromised, meaning these individuals were likely the target of malware, phishing attacks, or a previous data breach elsewhere.
1st step. Tell press that hardly anything was touched, blame other sources, be firm in that any additional critical information was not compromised. Wait two weeks - story moves to back pages 2nd step. Give more information that the hack compromised more than what was initially released. State the it seems they may have more passwords/names than originally thought. Wait two weeks - story basically out of main stream media 3rd step. Release that all information was obtained by hackers. CC Numbers, names, addresses, and everything else needed for identify theft. Inform that they will pay for one years worth of credit monitoring.
Credit monitoring is cool and all, but when you watch your credit and all of a sudden see a ton of activity, guess who gets to handle it and TRY to fix it? You. Good luck.