Comcast resets passwords after logins posted to dark web, but denies breach

About one-third of the accounts up for sale were said to be active, the company confirmed.
Written by Zack Whittaker, Contributor
(Image via CNET/CBS Interactive)

Comcast will reset passwords for about 200,000 customer accounts, after some valid user accounts were posted online.

About 590,000 purported login and password combinations were put up for sale on a dark web marketplace over the weekend. But about one-third of those were active, working logins, the company confirmed.

The broadcast and media giant denied it had fallen victim to a data breach.

A Comcast spokesperson confirmed to ZDNet that the company will reset the password for the subset of customers with working and up-to-date credentials.

On Saturday, a security researcher posted a screenshot on Twitter of a dark web marketplace which showed a portion of the accounts up for sale, according to CSO Online, which was first to report the story. The listing showed the going rate of the cache was about $1,000 in bitcoin.

The seller posted more than a hundred accounts in plain text, including usernames and passwords, to show a level of authenticity

It's not clear where the data came from. With a sizable minority of valid information taken, it's possible that a third-party company may have suffered a data breach, leading to the leak of some valid information.

So far this year, hundreds of millions of records have been stolen by hackers and malicious actors, including healthcare companies, credit agencies acting on behalf of phone carriers, and even the federal vetting agency for government workers.

Editorial standards