Nearly 600,000 Comcast customers’ usernames and passwords are for sale on the dark net for $1,000. Comcast denies that it’s been breached, and said many of the affected accounts are inactive, but users are encouraged to change their password as a precaution as soon as possible.
Comcast told the Washington Post Monday it will reset the passwords of the approximately 200,000 accounts that are still active from the complete list of 590,000. The company has denied it was breached, and suggested that whoever accessed the passwords harvested them from prior malicious software campaigns, phishing attacks or other third party attacks. The identity of the person selling the credentials on the dark net, a hidden section of the Internet used for criminal activity, could not be verified.
“We’re taking this seriously and we’re working to get this fixed for those customers who may have been impacted,” a Comcast spokesperson told the Post, “but the vast majority of information out there was invalid.”