Nearly 600,000 Comcast customers' usernames and passwords are for sale on the dark net for $1,000. Comcast denies that it's been breached, and said many of the affected accounts are inactive, but users are encouraged to change their password as a precaution as soon as possible.
Comcast told the Washington Post Monday it will reset the passwords of the approximately 200,000 accounts that are still active from the complete list of 590,000. The company has denied it was breached, and suggested that whoever accessed the passwords harvested them from prior malicious software campaigns, phishing attacks or other third party attacks. The identity of the person selling the credentials on the dark net, a hidden section of the Internet used for criminal activity, could not be verified.
“We're taking this seriously and we're working to get this fixed for those customers who may have been impacted,” a Comcast spokesperson told the Post, “but the vast majority of information out there was invalid.”
The seller tried to prove the list of credentials was legitimate by revealing the username and password for a few dozen accounts, then offering to sell 100,000 accounts for $300. The post attracted at least one sale, according to CSO Online, which speculated Comcast was the customer in that case because of how quickly the company worked to resolve the issue.