A digital document containing the user names and passwords of 8,000 Comcast customers has been sitting on the Internet for two months - but Comcast tells the New York Times that it doesn't believe that the document came from within the company.
Instead, the company thinks the list was related to a phishing attack or something similar because the list contained duplicate entries and was lacking "structured information" such as account numbers. Basically, it sounds like the company is shifting the blame back on the customer.
The Times reported that statistics on Scribd - the online document-sharing service the hosted the document - indicated that itt was uploaded by a person with the username vuthanhan2004, had been viewed more than 345 times and downloaded 27 times. The document was taken down after the Times contacted Scribd.
In the meantime, what is Comcast doing about that piece of this story? Well, they're freezing the e-mail accounts of the customers whose names were on the list. And they'll be reaching out to educate them about using safe passwords.
As a Comcast customer whose name may or may not be on that list, I'd like a bit more than a frozen e-mail account and a lesson on passwords. I'd like to know that Comcast is looking closer at the matter, working with Scribd and the authorities to identify vuthanhan2004 and make sure that it didn't come from inside. Is vuthanhan2004 a Comcast employee, perhaps?
Hopefully, we haven't heard the last of this. Maybe Comcast will come back in a few days to say that, following an investigation, it appears that the list did not come from inside. Or that it did, but that it was an isolated incident by a disruntled ex-employee. Or something that sends a message that Comcast is, in fact, taking steps to make sure sensitive customer information is always protected.