America’s most-hated company is facing even more criticism this week – but for once it might not deserve it.
Comcast has announced that 200,000 of its customers will need to reset their passwords owing to a post on the dark web offering 590,000 user emails and passwords for just $1,000.
Comcast insists, however, that it hasn’t been hacked and that the login credentials are recycled information derived from phishing attacks that hit other companies.
For the eagle-eyed, you’ll notice that Comcast isn’t contacting the owners of the 590,000 leaked records – because 60% of them are no longer active.
“We’re taking this very seriously and we’re working to get this fixed for those customers who may have been impacted, but the vast majority of information out there was invalid,” Comcast said in a statement.
Previously leaked data being misconstrued as the result of a fresh data breach isn’t uncommon. Many organisations – especially large ones – actively search the dark web for credentials matching those of their customers. This is to protect both the customer and the organisation from a data breach.
If Comcast is correct in saying that this breach wasn’t the result of a hack of its systems, then it’s done well by informing its customers that their data is out there.
This incident further demonstrates why it’s vital that people use unique passwords for every single account that they own. It reduces the possibility of a single data breach compromising multiple accounts, as well as saving them from having to change several passwords each time a website gets hacked.