Over the weekend someone on the dark web of the Internet started selling a list of Comcast usernames and passwords. The complete list had 590,000 email addresses and passwords. Comcast was quick to respond to this disclosure. By Saturday night Comcast had a copy of the list and checked each entry to determine which accounts were valid. Two hundred thousand accounts at Comcast were forced to reset the password on the next login.
A Comcast representative confirmed that their security teams were certain that none of their systems had been compromised to release the account information. The possible source for the know good email addresses and passwords could be Phishing attacks or malware installed on the victims computers. Keylogging malware can capture usenames and passwords from your keyboard.
“We’re taking this seriously and we’re working to get this fixed for those customers who may have been impacted,” a Comcast spokesperson told the Washington post adding, “but the vast majority of information out there was invalid.”
Comcast does not offer multi-factor authentication for your account. Multi-factor authentication requires a password and one other form of identification to allow access to the account. The other identification can be a text message, smart phone app or a security key in your computer. If your password is compromised or lost your account is still safe with two factor authentication or multi-factor authentication. If your email is important then you should be using the best in class protection for your messages. This should include everyone that has a bank account or brokerage account. Your email is the destination for password reset confirmation messages.
You can check to see what services use multi-factor authenitcation at TwoFactorAuth.
If you are tired of looking for your password in a pile of post-it notes or a book you can use a password manager. Do you use the same password on multiple web sites? LastPass is free to use on your computer and it does support multi-factor authentication. You can try LastPass here .
Want to know more about how to secure your life online? Click to Send message