The Sophos Naked Security blog reports that a security researcher known as @Flanvel found the leak, posting a screenshot of the dark web advertisement on Twitter. He spends his spare time searching for evidence of data breaches on dark web markets and tipped off CSO writer Steve Ragan after his find. The article quickly began trending on Twitter.
Comcast has since acquired the list itself, on sale for $1,000 in bitcoins. There are over 590,000 email addresses and plaintext passwords detailed but the company claims only 200,000 are active.
Comcast has denied it was the victim of a data breach but the advertisement on the Python Market claimed otherwise. It has not commented on how so many of its customer details could have ended up in one place, claiming the subscribers have likely been the victim of another recent data breach or phishing attack and simply use the same email address and password with Comcast.
The company has reset the passwords of the 200,000 accounts it has confirmed are in the list. It will not be offering credit monitoring to any affected customers because it believes it is not at fault and has not been hacked. The list remains on sale on the Python Market, alongside a number of other dubious advertisements.
The dark web is the name given to websites that exist on the Internet but do not display in public search results. They use special domains to remain hidden and accessible only by those who know exactly where to look. Naturally, this has led to the dark web gaining a reputation for hosting shady illegal marketplaces dealing in everything from databases of hacked companies to drugs and weapons.
The source of the Comcast customer data remains unknown but Ragan writes the case is currently “considered closed.” There is still some speculation as to whether it is phishing data or simply a recycled list as some members of Python Market have since tagged the seller as a scammer. The data appears to have been bought by one person since going on sale but Ragan notes this is likely to have been a Comcast security researcher who paid up so the company could run it through its current customer database to build a list of affected individuals.
