Cable giant Comcast announced Monday that 200,000 of its customers will have to reset their login information after a suspected security breach, although the company denies it was hacked.
A post on the dark web claimed to sell a package of 590,000 Comcast user emails and passwords for $1,000, reports CSO, a site that specializes in security-and-risk management. Only around 200,000 of those combinations were reportedly still current.
According to CSO, it’s likely that the login information became available when customers accidentally installed malware, or were exposed to phishing or previous major data breaches. It’s unclear still where exactly the data came from, but Comcast insists that their systems did not fall victim to a breach.
“We’re taking this seriously and we’re working to get this fixed for those customers who may have been impacted, but the vast majority of information out there was invalid,” a company spokesperson said, according to the Washington Post.
The dark web is difficult to access publicly — users usually require special software to reach it — but has become a growing marketplace for user information sales and other cybercrimes, according to Raj Samani, the chief technology officer for Intel Security.
“With such a significant number of data breaches making headlines over the last two years, it’s not surprising to see so much consumer data for sale,” he wrote on McAfee’s Executive Perspectives blog. “But the wide variety of data and related profit-making schemes never cease to surprise those of us monitoring the Dark Web on an ongoing basis.”