Comcast Corp. said 590,000 of its Xfinity subscriber email user names and online passwords were available for sale illegally on the Internet last week, but only about 200,000 subscriber accounts were active and could be potentially compromised.
Comcast, the Philadelphia-based cable TV giant, has been forcing the 200,000 subscribers nationwide to reset their passwords, a company spokeswoman said Tuesday, adding that she did not know how many customers had done so.
When asked whether Comcast had heard from any of these customers, claiming that someone been using their user names or passwords improperly, the spokeswoman said no.
The subscriber accounts in question represent a fraction of the company's customers. Comcast has 22.3 million TV subscribers and 22.9 million high-speed Internet customers across its 39-state franchise.
"This was not a breach of our system," the spokeswoman said, adding that the information "wasn't taken from our servers/databases."
The data theft, the Comcast spokeswoman said, could have been the result of malware, a compromised third-party site with the account data, or some other nefarious method of collecting the information online.
Comcast said it will not offer credit monitoring to affected customers because Comcast itself was not hacked.
CSOonline, which reports on online security and cyber risks, said in a Monday article that the going price for the Comcast subscriber data was $1,000 for all the 590,000 subscriber emails and passwords, or $300 per 100,000 accounts. The theft was also reported on Twitter.
The online trade publication suggested that some of the Comcast data was recycled because so much of it seemed outdated.
Those commenting on the for-sale data online "tagged the seller as a scammer (a black mark among criminals trading in compromised data)," CSOonline said in its story.
Comcast said it did not stop the underground sale for its subscriber data because the majority of the account information was "not valid."
The cable company also said it hadn't asked law-enforcement officials to investigate because it had no information to give them since the theft took place outside its system.
215-854-5897
@bobfernandez1
