Comcast resets 200,000 passwords offered for sale on Dark Web

Comcast email accounts breached

Comcast says it wasn’t hacked, but hundreds of thousands of its customers may have been, forcing the cable giant to reset passwords of about 200,000 customers.

The forced password reset came after an independent security researcher spotted an ad on a Dark Web marketplace offering 590,000 Comcast subscriber email addresses and plaintext passwords for $1000 in bitcoins.

A Comcast representative said the company acquired the list of customer accounts and discovered that only 200,000 of them were active, and is “working to get this fixed for those customers who may have been impacted,” according to the Washington Post.

The researcher, @Flanvel, posted an image of the dark forum ad on Twitter and tipped off writer Steve Ragan, whose story on CSO became the top-trending topic on Twitter on Monday (9 November).

@Flanvel discovered the ad on a Dark Web forum called Python Market, at a .onion address on the Tor network, he told me via Twitter direct message.

A self-described “Hacker | Autodidact | Researcher,” @Flanvel is a 20-year-old from West Virginia whose real name is Corey Wells.

Wells spends a portion of his time searching for data breaches on Dark Web markets, either manually or using an automated tool he wrote.

“I came across this specific breach just browsing the market for new posts,” Wells told me via DM.

Wells told me he doesn’t want to speculate about how the vendor offering the Comcast data obtained it, but the vendor was claiming it was from a breach of Comcast.

Wells tweeted a link to a Pastebin post from the vendor saying Comcast hasn’t reset all of the passwords, and that “many of them still work just fine.”

However, the sale price of the Comcast customer data had been dropped to $200.

Comcast denied that it was breached and said the account details could have been stolen in any of the giant data breaches of recent years, or the individuals may have had their credentials stolen by phishing or malware attacks.

A Comcast spokeswoman told USA Today that there is “no evidence” of a breach.

Regardless, a cybercriminal could so some damage with the leaked data.

Someone with access to a Comcast customer’s email address and password could use those credentials to log into a user’s Comcast account.

With your account credentials, someone could view your Wi-Fi network name and password, watch streaming videos, make purchases using stored credit card information (credit card details would not be accessible however), and more.

Someone with your Comcast email address and password could also access your email account.

If you’re a Comcast customer, it’s a good idea to change your password.

And if you use the same password on any other accounts (please don’t do that!), change those too.

→ Can’t view the video on this page? Watch directly from YouTube. Can’t hear the audio? Click on the Captions icon for closed captions.

Image of email symbols courtesy of