A list of more than 8,000 stolen Comcast customer IDs and passwords was posted publicly on the Web for more than two months on the Scribd document sharing site before being discovered and removed yesterday.

It apparently took a tip from reporter Brad Stone of the New York Times to wise-up Scribd to the situation. Stone was tipped off by a Comcast customer who came across the list by accident searching for references to himself on the Web.

Comcast spokeswoman Jennifer Khoury told The New York Times that the list was not leaked from within her company but was probably compiled as a result of a phishing operation by external bad guys.

It also came to light in Comcast’s own investigation of the incident, that about half the entries on the list were duplicates, further supporting the notion that it was compiled by phishers.

Comcast has frozen the e-mail accounts of the 4,000 or so customers whose IDs and passwords were stolen and is contacting all effected parties.

But the question remains… Why did the information remain posted, in the open, for so long before being discovered? We may never know.

Leave a Reply