The New York Times has reported that a list of over 8,000 Comcast user name and passwords were available to the public via Scribd for two months, before a Wilkes University professor discovered it over the weekend after doing a search for his identity online. Comcast is saying it looks like the result of a phishing scam and isn’t an inside job, and that there are so many duplicate entries on the list that it’s closer to 4,000 customers.
The man who discovered it, Kevin Andreyo, deserves a slap on the back for using the power of the web to track down personal information about himself—he used pipl to perform a search on his name and address—and he deserves a slap somewhere else for using the same password on every account.
“That isn’t just my password for Comcast, it’s my password for everything that is not tied to my credit card,” Mr. Andreyo said in an interview.
People! Do not do that! Unless you suffer from brain damage or some form of learning disability, your brain can remember more than one password. Do not make it easy for scammers by using a master key that can open any door into your personal life.
If you’re worried that you were on the list, the easiest way to tell is to see if your Comcast email account has been frozen—Comcast is taking this measure as well as “contacting them to educate them about using safe passwords.”