Social Search Reveals 700 Comcast Customer Logins
nandemoari writes "When educational technology specialist Kevin Andreyo recently read a report on people search engines, he decided to conduct a little 'people search' on himself.
Andreyo did not expect to find much — so, imagine the surprise when he uncovered the user name and password to his Comcast Internet account, put out there for the entire online world to see.
In addition to his personal information, Andreyo also discovered a list that exposed the user names and passwords of (what he believed to be) 8,000 other Comcast customers. Andreyo immediately contacted both Comcast and the FBI, hoping to find the ones responsible for divulging such personal information to the public.
While the list is no longer available online, analysts fear that the document still lives on in various cache and online history services."
How far is it spread? (Score:5, Insightful)
If I had to take a guess, I'd say email or online customer accounts (although I don't recall having one during my painful time with Comcast), which opens up either a financial or spam-exploitable security issue, not sure which.
Re:Aggressive Social Sites (Score:3, Insightful)
Re:Comcast has Passwords? (Score:3, Insightful)
Best Way To Stay Anonymous? (Score:3, Insightful)
Have a really, really common name.
Re:I haxxored Comcast... (Score:1, Insightful)
Re:Aggressive Social Sites (Score:4, Insightful)
Re:While the list is no longer available online (Score:1, Insightful)
I think a lot of people would see it as "impolite" or worse. I would want disclosure, but the technologically illiterate would see it as a violation. Still, they are better off knowing.
I won't be writing that script. :0)
Re:I haxxored Comcast... (Score:3, Insightful)
Re:How do I establish whether I am still a victim? (Score:3, Insightful)
They recommend setting the maximum password age to 42 days too. And the default is to remember the last 24 passwords and stop people reusing them.
And that's when PostIts start to appear because people are fed up with remembering a new variant of "89fZ#9I$" every month.
So you've substituted one security problem for another.
Password expiration isn't all that it's cracked up to be.
Re:I'll Give Even Comcast the Benefit of Doubt (Score:3, Insightful)
I work at a software company. In security.
The software engineering team is absolutely certain they don't want corporate IT security anywhere near their precious development process. We would just slow things down. So they all put "security expert" on their resumes and said they don't need us, they know what they're doing, etc.
Yeah, every app they use has totally botched authentication--plaintext password storage, unsalted hashes--you name the security mistake, these "expert" developers ship it in our top-dollar "enterprise" software.