strong>Comcast user emails were the commodity offered on the dark web. Some 590,000 email accounts were on the marketplace and 200,000 were considered to be at risk.
The price being asked for the stolen information was $1,000. Since the accounts are somewhat of a bother on their own, passwords were included. According to CSO, the seller delivered up a little over a hundred accounts to show they were legit and originally had them up at 100,000 for $300.
Over the weekend Comcast began informing users of the breach sometime after being contacted about the database being up and for sale and matching everything with its current database of users. In addition to notifying users of the breach, Comcast also took the steps of resetting passwords.
As it turns out, only the 200,000 or so accounts at risk were the active ones. This isn’t to say that the rest of the database is of no use as something can be found even in defunct emails whether it be payment information that is still active or private correspondence.
As for the active accounts, CSO points out that the accounts could’ve been exposed as a result of previous breaches. In September, Comcast just settled at $33 million for a breach where users who paid to have their information kept private ended up having their information available in public listings such as phone books. Those users each received $100 each while the majority of the settlement went to state agencies and law enforcement.