Written By Michael Pawloski And Presented By Ziften CEO Chuck Leaver
The Clients Of Comcast Are Victims Of Data Exfiltration and Shared Hacks Via Other Businesses
The private information of roughly 200,000 Comcast customers was compromised on November 5th 2015. Comcast was required to make this announcement when it emerged that a list of 590,000 Comcast consumer e-mails and passwords could be acquired on the dark web for a token $1,000. Comcast maintains that there was no security breach to their network but rather it was through past, shared hacks from other businesses. Comcast even more declares that only 200,000 of these 590,000 customers really still exist in their system.
Less than 2 months earlier, Comcast had actually already been slapped with a $22 million fine over its unintentional publishing of nearly 75,000 consumers’ personal information. Somewhat paradoxically, these customers had particularly paid Comcast for “unlisted voice-over-IP,” a line item on the Comcast bill that specified that each client’s information would be kept confidential.
Comcast instituted a mass-reset of 200,000 client passwords, who may have accessed these accounts prior to the list was put up for sale. While an easy password reset by Comcast will to some extent safeguard these accounts moving forward, this doesn’t do anything to safeguard those clients who may have recycled the very same email and password mix on banking and charge card logins. If the consumer accounts were accessed before being divulged it is definitely possible that other individual details – such as automated payment information and home address – were already obtained.
The bottom line is: Assuming Comcast wasn’t attacked directly, they were the victim of numerous other hacks which contained data connected to their consumers. Detection and Response systems like Ziften can prevent mass data exfiltration and often reduce damage done when these inescapable attacks happen.