Comcast: Exposed User Data Not From Internal Leak

— -- Comcast now believes a phishing or malware scam is to blame for exposing hundreds of its customers' user names and passwords. A list containing around 8,000 names was discovered by a PC World reader this week and brought to the company's attention.

The list, which had been posted on document sharing site Scribd, was found by Kevin Andreyo -- a educational technology specialist and university professor in Reading, Pa. Andreyo read our recent report on people search engines and decided to follow its suggestions to see what kind of dirt he could dig up on himself. While detailed personal information is common to those types of searches, Andreyo never expected to come across his actual user name and password for his Internet service provider.

"I thought, 'All right, this doesn’t seem like this should be available to the public,' " he says.

Andreyo went on to contact both Comcast and the FBI. The document is no longer online, though it still lives on in various cache and online history services.

Following its investigation, Comcast has concluded the list did not come from an internal leak, as had initially been speculated by some, but rather from a third-party attack -- most likely phishing- or malware-oriented.

"We're trying to figure out exactly how this information could have been assembled," Comcast spokesperson Charlie Douglas says. "We have no reason to believe, though, that any Comcast system was compromised."

Comcast is in the midst of contacting all of the customers whose data was exposed. After examining the list, the company believes the number of affected users is far less extreme than it first appeared: The majority of the user names, Douglas says, were either duplicates or old and inactive accounts. Only 700 of the 8,000 user names listed, he believes, were actually authentic and unique.

Comcast is now working with Internet crime investigators to determine how the data was obtained.

For Andreyo, the conclusion is of little comfort. He questions the phishing explanation -- he's confident his computing knowledge and active security systems would keep him protected from such threats -- but more troubling to him is the fact that he was the first to take action after viewing the list. By the time Andreyo came across the document during his search this week, it had been posted for at least two months. Within that time, nearly 350 people had viewed it, and a couple dozen had even downloaded it to their own PCs.

"I was surprised that, of all the people who had previously viewed it, no one thought to say, 'Hey, take this down. This is private information,' " Andreyo says.

While the incident reinforces the importance of actively monitoring your own data on the Net, Andreyo hopes it also spreads a broader message -- one about the importance of users looking out for one another, too.

"The community of Internet users really has to watch out for these privacy issues," he says, "and let site owners know when something shouldn't be out there."

Connect with JR Raphael on Twitter (@jr_raphael) or via his Web site, jrstart.com.