Written By Michael Pawloski And Presented By Ziften CEO Charles Leaver
The Consumers Of Comcast Are Victims Of Data Exfiltration and Shared Hacks Via Other Companies
The private details of roughly 200,000 Comcast customers was compromised on November 5th 2015. Comcast was forced to make this announcement when it came to light that a list of 590,000 Comcast consumer emails and passwords could be bought on the dark web for a token $1,000. Comcast maintains that there was no security attack to their network but rather it was through past, shared hacks from other businesses. Comcast further claims that just 200,000 of these 590,000 customers actually still exist in their system.
Less than two months previously, Comcast had currently been slapped with a $22 million fine over its accidental publishing of almost 75,000 clients’ personal information. Somewhat ironically, these customers had actually particularly paid Comcast for “unlisted voice-over-IP,” a line item on the Comcast bill that specified that each client’s information would be kept private.
Comcast instituted a mass-reset of 200,000 client passwords, who might have accessed these accounts before the list was put up for sale. While a basic password reset by Comcast will to some extent secure these accounts moving forward, this doesn’t do anything to secure those consumers who might have recycled the same e-mail and password combination on banking and credit card logins. If the customer accounts were accessed prior to being disclosed it is certainly possible that other individual information – such as automatic payment info and home address – were already obtained.
The bottom line is: Assuming Comcast wasn’t attacked directly, they were the victim of numerous other hacks which contained data connected to their clients. Detection and Response solutions like Ziften can avoid mass data exfiltration and often reduce damage done when these inescapable attacks occur.