Written By Michael Pawloski And Presented By Ziften CEO Chuck Leaver
The Customers Of Comcast Are Victims Of Data Exfiltration and Shared Hacks Via Other Businesses
The personal info of around 200,000 Comcast consumers was jeopardized on November 5th 2015. Comcast was forced to make this announcement when it emerged that a list of 590,000 Comcast consumer emails and passwords could be acquired on the dark web for a mere $1,000. Comcast argues that there was no security attack to their network but rather it was by means of past, shared hacks from other companies. Comcast further claims that just 200,000 of these 590,000 customers actually still exist in their system.
Less than two months earlier, Comcast had currently been slapped with a $22 million penalty over its unintentional publishing of almost 75,000 customers’ personal details. Rather ironically, these customers had specifically paid Comcast for “unlisted voice-over-IP,” a line item on the Comcast bill that specified that each customer’s info would be kept confidential.
Comcast instituted a mass-reset of 200,000 customer passwords, who may have accessed these accounts prior to the list was put up for sale. While a basic password reset by Comcast will to some extent secure these accounts going forward, this doesn’t do anything to secure those customers who might have reused the exact same email and password combination on banking and credit card logins. If the consumer accounts were accessed before being revealed it is certainly possible that other personal information – such as automatic payment info and street address – were currently obtained.
The bottom line is: Assuming Comcast wasn’t hacked directly, they were the victim of various other hacks which contained data connected to their consumers. Detection and Response systems like Ziften can avoid mass data exfiltration and typically alleviate damage done when these inevitable attacks happen.