A digital document containing the user names and passwords of some 8,000 Comcast customers has been floating on the web for two months, according to Brad Stone from The New York Times. The list was made available on Scribd, a document sharing service, and was reportedly viewed more than 345 times and downloaded as many as 27 times before it was pulled from the site at the request of the reporter.
For its part, Comcast has stated that it has no reason to believe that the list was leaked from within the company. Instead, they suggest that the compromised account holders may have been the victims of a potentially automated phishing attack and added that only about 700 of these accounts are real – the remaining are not customers, duplicates or older inactive accounts.
At this point is hard to know the actual source of the list but in the meantime users can at least take some comfort in the fact that no other details such as account numbers and billing information was found on it. In response to this issue, Comcast says that all of the affected accounts have been frozen until their owner can be reached and taught on how to use secure passwords and avoid phishing attempts.