Comcast, the American media giant, has announced its intention to reset hundreds of thousands of accounts after 600,000 profile details, including passwords, were posted for sale online.
While only 200,000 of those details were confirmed to be still active, Comcast will still reset those credentials.
Over the weekend, the advertisement of the sale was posted to twitter, charging US$ 1,000 (£659) for the details
Anyone notice the 590K emails/plaintext passwords allegedly from Comcast being sold? pic.twitter.com/jbASQP0E2Y— flanvel (@flanvel) November 7, 2015
But how did so many of those details become essentially public? Comcast has denied that it was the victim of a data breach. ZDNet, a cyber-publication, argued that the details may have been stolen from a third party involved with Comcast.
CSOonline, the publication that first reported the theft, spoke to Comcast which said that “customers impacted by the password resets will be dealt with on a case-by-case basis.”
“When asked, a Comcast representative confirmed that its security teams were certain that none of its systems or apps had been compromised.”
CSOonline went on to speculate that the data may be have been stolen via phishing scams, or have been taken “during one or more of the massive data breaches that have gone public over the last few years.”