What should Comcast have advised customers after breach?
So while I was offline, Comcast sent me a statement on Feb. 7 in response to repeated requests for a statement about a breach reported here on Feb. 5:
“We’re aware of the situation and are aggressively investigating it,” a Comcast spokesman said. “We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident.”
Violet Blue is not impressed, either:
Comcast, the largest internet service provider in the United States, ignored news of the serious breach in press and media for over 24 hours — only when the Pastebin page was removed did the company issue a statement, and even then, it only spoke to a sympathetic B2B outlet.
During that 24 hours, Comcast stayed silent, and the veritable “keys to the kingdom” sat out in the open internet, ripe for the taking by any malicious entity with a little know-how around mail servers and selling or exploiting customer data.
Comcast customers have not been not told to reset their passwords. But they should.
Read more on ZDnet.