A list of over 8000 (4000 after duplicates were removed) Comcast customer usernames and passwords has been floating around the web for the past two months, unprotected. The list was made available on Scribd, a file-sharing website where someone by the name of "vuthanhan2004" had uploaded the list, which had been viewed over 345 times, and downloaded over 25 times, according to an article by the NYTimes.
"It is possible that the people on the list divulged their passwords in response to some kind of phishing message, and that Comcast itself is not to blame," said Kevin Andreyo, an educational technology specialist in Reading, Pa. Mr Andreyo found the list after searching for his email address on a search engine, curious as to what information was being held about him. To his surprise, he found his email and password on the list.
According to the article, Comcast replied, saying that they did not believe the list came from Comcast, which, if true, means the list is more likely to have originated from phishing attacks. Comcast said that the duplicated data in the list and lack of a formal structure made it unlikely to have originated from Comcast. Comcast has announced it will be freezing the email accounts of all those mentioned, and educating them on using secure passwords, as well as offering them McAfee Security Suite, which is freely available to all Comcast customers. It was also pointed out that after duplicates had been removed, the list contained about 4000 user details, as opposed to the original 8000.