How many victims? 8,000 were on the list but Comcast originally told the New York Times that because of duplicates, about 4,000 were really exposed. In a later email to SCMgazineUS.com a Comcast spokesman said that after reviewing the file, the company determined that 700 accounts were exposed.
What type of personal information? Comcast usernames and passwords.
What happened? Kevin Andreyo, an educational technology specialist in Reading, Pa., and a professor at Wilkes University, came across the list while searching for his own e-mail address on the search engine Pipl. Andreyo's information was exposed on the list.
Andreyo informed Comcast, the FBI and several technology journalists about the breach on Monday morning, and the document disappeared that afternoon.
Details: The information was unprotected on the web for the last two months. Statistics on Scribd indicated that the list was uploaded by someone with the user name vuthanhan2004. It had been viewed over 345 times and downloaded 27 times.
What was the response? Comcast said it did not believe the information came from inside the company, because of the duplicated data on the list and the lack of structured information like account numbers.
Comcast is freezing the e-mail accounts of the customers on the list and contacting them to educate them about using safe passwords. The company is also urging them to download McAfee Security Suite, software that is made available free to all Comcast users.
Quote: “We have no reason to believe this came from Comcast. It looks like a phishing or related type of scheme,” said Jennifer Khoury, a Comcast spokeswoman.
Source: NYTimes.com, Bits Blog, “Passwords of 8,000 Comcast Customers Exposed,” March 16, 2009.