Written By Michael Pawloski And Presented By Ziften CEO Charles Leaver
The Clients Of Comcast Are Victims Of Data Exfiltration and Shared Hacks Via Other Companies
The personal info of approximately 200,000 Comcast consumers was jeopardized on November 5th 2015. Comcast was forced to make this announcement when it emerged that a list of 590,000 Comcast customer e-mails and passwords could be bought on the dark web for a mere $1,000. Comcast maintains that there was no security attack to their network however rather it was through past, shared hacks from other companies. Comcast further claims that just 200,000 of these 590,000 consumers actually still exist in their system.
Less than 2 months previously, Comcast had actually already been slapped with a $22 million penalty over its unintentional publishing of nearly 75,000 consumers’ personal details. Somewhat ironically, these consumers had actually specifically paid Comcast for “unlisted voice-over-IP,” a line item on the Comcast bill that specified that each consumer’s details would be kept private.
Comcast instituted a mass-reset of 200,000 client passwords, who may have accessed these accounts prior to the list was offered. While a basic password reset by Comcast will to some extent secure these accounts going forward, this does nothing to secure those customers who might have recycled the same e-mail and password combination on banking and payment card logins. If the client accounts were accessed prior to being divulged it is definitely possible that other individual information – such as automatic payment info and home address – were currently obtained.
The conclusion to this: Presuming Comcast wasn’t hacked directly, they were the victim of numerous other hacks which contained data connected to their consumers. Detection and Response systems like Ziften can avoid mass data exfiltration and frequently alleviate damage done when these inevitable attacks occur.