Comcast passwords leaked onto the Web

Company freezes e-mail accounts of customers whose usernames and passwords were found exposed on the Internet.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

March 17, 2009 10:27 a.m. PT

Updated March 17 9:45 a.m. PST with Comcast saying there were 700 customer names on the list.

A list of 700 usernames and passwords for Comcast customers was removed from document-sharing Web site Scribd on Monday, two months after it was posted there.

Scribd removed the list of what initially looked like thousands of passwords and usernames after being contacted by Brad Stone at The New York Times. Stone wrote that he was contacted by a Comcast customer who happened across the list after doing a search on his own e-mail address on search engine Pipl.

Comcast spokeswoman Jennifer Khoury told The New York Times that the list was probably compiled from phishing or some other related type of attack and not from inside Comcast.

Comcast is freezing the e-mail accounts of customers whose data was exposed and is contacting them, she said.

"We have scrubbed the list that was on ScribD and have found that about 700 names are user ID's that are for Comcast customers, not 8,000," a Comcast spokesman said in an e-mail later. "The other names on the list are either not customers, duplicates or older inactive accounts (no e-mail address currently)."