Yesterday a document on Scribd, a document sharing Web site, with Comcast customers' email account passwords was brought to our attention by Kevin Andreyo and Brad Stone of the New York Times (read Brad's post here). Working quickly with Scribd we had the document removed. We analyzed it to determine how much account information it contained. The list did have 8,000 entries only about 700 of those entries were valid userIDs which were Comcast customers. What's a userID? It's an email and a password - so you might have 5 userIDs in your house if you have a family.
So what are we doing? A few things:
* We've frozen all of these accounts, and are in the process of calling each of the people impacted.
* Our engineers are reviewing our systems and there is no evidence that any Comcast systems have been breached.
* We're working with the proper authorities.
What do we think happened? Judging by the data that this file contained, and the way it was organized (which is to say there was no organization at all) it looks like this was the result of a phishing attack (which Jay Opperman covered last week on the blog).
We take this matter very seriously and want to remind you to take every safeguard you can to make sure your computer is safe from such attacks.
Check out "Comcast.net Security" for details about downloading McAfee for your Windows systems, as well as other tips for keeping yourself safe on the web.