If we had to believe news reports, one hacker had sold , Comcast Corporation, formerly registered as Comcast Holdings is an American multinational mass media company and the largest broadcasting and largest cable company in the world by revenue, customers’ account information.
A news published in Chicago Tribune confirms that the concerned company has notified its 200,000 customers to change their email passwords after discovering their account information had been sold online via one website named “the dark web”, which is a collection of websites using anonymity tools to evade surveillance.
The spokesperson of Comcast confirmed that some 590,000 customers’ email accounts, including their names and passwords were put online for selling.
"The vast majority of the information that's out there was not accurate," Comcast spokeswoman said. "We discovered that about a third of the 590,000 were accurate.”
The hacker, who sold the account information, dubbed Orion said that he obtained the credentials when he popped a Comcast mail server in December 2013.
He told Vulture South that the breach yielded 800,000 Comcast credentials of which 590,000 contained cleartext passwords.
"So in 2013 December the f****s at NullCrew came across an exploit for Zimbra which Comcast used at this domain *****.comcast.net ," Orion says. "NullCrew only got [about] 27k emails with no passwords lol while I got 800k with only 590k users with plaintext passwords."
However, the company said it had "no evidence" of the December breach in which the then Zimbra directory traversal vulnerability (CVE-2013-7091) was exploited to gain access to the credentials.