Daily cyber threats and internet security news: network security, online safety and latest security alerts
March 17th, 2009

Customers Passwords Of Comcast’s Social Publishing Site Scribd Exposed

A list of user names and passwords for customers of Comcast, one of the nation’s largest Internet service providers, sat unprotected on the Web for the last two months. The list was 8,000 lines long, but Comcast said late Monday that just 700 of those lines contained information for active customer accounts. The other names on the list are either not customers, duplicates or older inactive accounts (no e-mail address currently).

Kevin Andreyo, an educational technology specialist in Reading, Pa., and a professor at Wilkes University, came across the list Monday on Scribd, a document-sharing Web site. He was reading a recent article in PC World entitled “People Search Engines: They Know Your Dark Secrets… And Tell Anyone,” when he was inspired to find out what information about him was online. He searched for his own e-mail address on the search engine Pipl.

The list on Scribd was one of four results, and it also included his password, which was a riff on his love for a local sports team. Statistics on Scribd indicated that the list, which was uploaded by someone with the user name vuthanhan2004, had been viewed over 345 times and had been downloaded 27 times.

Mr. Andreyo informed Comcast, the F.B.I. and several technology journalists about the file on Monday morning, but the document disappeared only at 1:45 p.m. when I contacted Scribd about it.

“That isn’t just my password for Comcast, it’s my password for everything that is not tied to my credit card,” Mr. Andreyo said in an interview. “It’s one thing to publish a credit card number, but to hand over user IDs and passwords for accounts is another. Someone could just go in and pull up all your archived messages, and then they have everything about you.”

Comcast said it did not believe the information came from inside the company, pointing to duplicated data on the list and the lack of structured information like account numbers. “We have no reason to believe this came from Comcast. It looks like a phishing or related type of scheme,” said Jennifer Khoury, a Comcast spokeswoman. (Asked about this possibility earlier today, Mr. Andreyo said that he doubted he was ever the victim of a phishing scheme.)

Ms. Khoury said that Comcast was freezing the e-mail accounts of the customers on the list and contacting them to educate them about using safe passwords. She said the company would also urge them to download McAfee Security Suite, software that is made available free to all Comcast users.

Credit: Brad Stone, Bits

Share this article with others:

More on CyberInsecure:
  • Exposed Clear Text Users Passwords During Server Error
  • WellPoint Customers Private Information Exposed
  • SQL Injection Flaw Exposes 32 Million Accounts Passwords
  • Honda Suffers Data Breach, Personal Information Of 283,000 Customers Exposed
  • European Space Agency Website Hacked, FTP And Email Passwords Leaked

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Customers Passwords Of Comcast’s Social Publishing Site Scribd Exposed

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.