[BreachExchange] Comcast Data Breach Compromised with 1.5 Billion Data Records

Destry Winant destry at riskbasedsecurity.com
Mon Feb 15 10:28:05 EST 2021


https://www.ehackingnews.com/2021/02/comcast-data-breach-compromised-with-15.html

American cable and Internet giant Comcast was struck by a data breach
a few days back. During the breach, an unprotected developer database
with 1.5 billion data records and other internal information was
available to third parties via the Internet.

Comcast Corporation is the largest cable operator network and, after
AT&T, the second-largest internet service provider, as well as the
third-largest telephone company in the US after AT&T and Verizon
Communications.

Recently the research team of WebsitePlanet, in collaboration with
security researcher Jeremiah Fowler, identified a
non-password-protected database containing 1.5 billion records with a
total size of 478 GB. The Comcast database exposed dashboard
permissions, logging, client IPs, @comcast e-mail addresses and hashed
passwords, all publicly accessible. Together with the IP addresses
contained in the database, these records give a description of the
internal functionality, logging and general network structure. The
server also revealed the Comcast Development Team's email addresses
and hashed passwords. The database further contained error reports,
warnings, task or job scheduling information, cluster names, device
names, and internal rules marked by the tag “Privileged=True.”
Middleware was also visible in the error logs, and middleware can
often serve as a secondary path for ransomware or other bugs.

However, measures to restrict access to the data were taken in around
an hour; until the data was secured, malicious actors could easily
have accessed and retrieved the confidential information. The
researchers, relying on Comcast's data, immediately submitted a
notice of disclosure and affirmed their observations to the company's
Security Defect Reporting team.

Fowler also said, “This was among the fastest response times I have
ever had.” Comcast acted fast and professionally to restrict the data
set that was accessible to anyone with an internet connection.

A representative for Comcast stated that, “The database in question
contained only simulated data, with no real employee, customer or
company data, outside of four publicly available Comcast email
addresses. The database was used for software development purposes and
was inadvertently exposed to the Internet. It was quickly closed when
the researcher alerted us of the issue. We value the work of
independent security researchers in helping us to make our products
and services safer and thank the researcher for his responsible
disclosure in this matter.”

Naturally, errors that expose data are unavoidable as long as people
are involved in configuration. However, at Comcast's size such
mistakes can be very disruptive and can affect many subscribers and
business customers. That is why firms like this would follow security
checklists, have additional teams double-check, and do whatever they
can to reduce the chance of data becoming public. In this incident,
though, action was taken in time.

