A group of hackers has posted to the Web today data that appears to include Comcast employee names, ages and salaries, as well as e-mails and passwords associated with AT&T VoIP service accounts.
Proclaiming the kickoff of "#WikiBoatWednesday...when all the members from @TheWikiBoat fight corruption, leak data, and bring down websites," the hackers released the data in two different posts to the Pastebin Web site. Several of the Twitter handles used by the group, including @AnonymousWiki, referenced the Anonymous online activist group, but the connection to the larger, decentralized collective is unclear.
"The first part is (Comcast) Employee names, ages and salaries. And the second part, is information logged from 'Facebook Quizzes,'" one of the Pastebin messages says. "Quite odd that they'd be storing your information from facebook in THEIR database hm? Anyways, I believe the format for the Facebook Quizzes is something like: Quiz-ID | User ID | Password | And some more info after that. So enjoy ;)."
And the other Pastebin message says: "Hello everyone. In this dump for #WikiBoatWednesday, I got into an AT&T Database. The database is from a pretty old subdomain, but it has some decent information in the accounts. So I hope you guys enjoy." It also includes a link to a login page for AT&T VOIP service accounts.
CNET has contacted Comcast for comment and will update this report when we learn more. An AT&T spokesman was trying to get comment.
As with many data dumps, it's unclear whether the data is what the hackers claim it is, whether it is current, who actually stole it, and how. In this case, after the @HdVries Twitter account noted that the Facebook-related data from the Comcast leak was the same as that on a completely separate Web page, one of the hackers claiming credit for the dump -- @Zer0Pwn -- responded with a Tweet that said "No, I hacked it using POST MsSQL Injection." And another Twitter user, @CharlesElMir, found several other instances of the Comcast data on the Web and wrote about it in a blog post.
In the last year or so, hackers under the banners of "Anonymous" and "LulzSec" and now "WikiBoat" have stepped up their attacks on corporations and government sites in a move to embarrass the targets and generate publicity for their causes such as WikiLeaks whistleblower activism and anti-censorship. Arrests and guilty pleas from LulzSec members recently do not appear to have deterred the hackers at all.
Meanwhile, companies are increasingly being called out when customer data ends up in hackers' hands. Yesterday, the FTC sued hotel chain Wyndham, alleging that the company failed to adequately protect customer credit card numbers that had been stolen and used by criminals in fraudulent transactions. And earlier this month, hackers were found to be sharing and cracking encrypted passwords that were stolen from LinkedIn, eHarmony and Last.fm. Already, LinkedIn has been sued over the matter.
Updated 8:17 a.m. PT June 28 to update that data from Comcast dump was found in several other locations.