Cable and telecommunications company Comcast, which has approximately 28 million customers, took the unusual step of freezing the accounts of 200,000 of its customers yesterday upon becoming aware that these customers’ personal information, including email addresses and passwords, was being sold on the black market to identity thieves. The black market used by cybercriminals to sell stolen personal information to other cybercriminals is often referred to as the dark web, which can only be accessed through the use of special software.

Similar to the hacking of accounts at British telecom company Vodafone, about which I reported to you last week, in this instance it was not Comcast that suffered a data breach. Rather, the cybercriminals got the email addresses and passwords from other companies and were then attempting to sell them to be used to hack into the victims’ Comcast accounts, which was possible because the victims used the same passwords at multiple websites. Using the same password at multiple websites and accounts is a very bad practice and makes you much more vulnerable to identity theft because if your security is compromised at one company with poor security, your security at important accounts, such as your bank, is endangered.

Comcast is now requiring the 200,000 affected customers to change their passwords before they can have access to their accounts again.


The primary lesson here is that you should always use a separate and unique password for each of your online accounts. Many people fail to do so out of a concern about remembering a large number of different passwords, but this does not have to be the case. There is a simple way to make your passwords strong. Start off by taking a phrase that is easy to remember, such as “IDon’tLikePasswords”. This can be the basic element of all your passwords. Then, for added security, add a few symbols, so it reads, for example, “IDon’tLikePasswords!!!”. This is a strong password that is long and combines small letters, capital letters and symbols. Now all you need to do is adapt that basic password for each of your accounts to make it unique for each account. For example, you could adapt this for your Amazon account by adding “Ama” at the end of the basic password, making your Amazon password “IDon’tLikePasswords!!!Ama”. That is a strong password that is easy to remember.