Tuesday, March 17, 2009

It turns out that comcast compromises 8,000 users passwords and usernames, accidentally making them public, oopsy doodle!!!

This is a great story brought to you courtesy of dailytech.com, the link can be found here - comcast oopsy doodles 8,000 of its customers

Here's the story;

Comcast must now contact thousands of subscribers who've had their e-mail addresses and passwords openly available on the internet

Comcast has been forced to freeze the e-mail accounts of 8,000 Comcast subscribers after a list of usernames and passwords were distributed through document sharing website Scribd, the company confirmed.

Scribd removed the list at the request of Brad Stone from the New York Times, who was informed about the list by a reader who found his e-mail address among the thousands left exposed. Kevin Andreyo, a Reading, PA resident, searched for himself on Pipl before finding his information -- then contacted the F.B.I., Comcast, and several journalists before the information was removed.

"That isn't just my password for Comcast, it's my password for everything that is not tied to my credit card," Andreyo said during a recent interview. "It's one thing to publish a credit card number, but to hand over user IDs and passwords for accounts is another. Someone could just go in and pull up all your archived messages, and then they have everything about you."

Prior to being removed, it was reportedly viewed more than 345 times and was downloaded as many as 27 times.

It's possible that people on the list responded to a phishing scam and Comcast may not be directly to blame for this incident. Furthermore, Comcast said the list was a duplicate so only around 4,000 people had their e-mail addresses compromised -- but that information hasn't been independently confirmed.

"We have no reason to believe this came from Comcast," Comcast spokeswoman Jennifer Khoury told the New York Times. "It looks like a phishing or related type of scheme."