This is a leak that deserves its own post. Website Planet reports:
On December 1st, 2020 the WebsitePlanet research team in cooperation with Security Researcher Jeremiah Fowler discovered a non-password protected database that contained over 1.5 billion records. There were references to Comcast throughout the database including multiple subdomains, urls, and internal IP addresses. The publicly visible records included dashboard permissions, logging, client IPs, @comcast email addresses, and hashed passwords.
And there was more that could leave the firm more vulnerable to attacks, as the report explains. And then Comcast goofed some more….
Following my disclosure to Comcast, I have been somehow included in an internal email thread where someone accidentally attached “access logs and cluster samples”. This email put 14 attachments in my inbox that were intended for internal communications regarding the incident. I immediately knew this was an unintentional and honest mistake. As a legitimate Security Researcher I highly value ethics and integrity when it comes to data protection. I did not open the attached compressed files and I did not see what they contained. Shortly after that, I received another email telling me they had made a mistake by sending me those documents and I confirmed that I would not access those records.
Read more on WebsitePlanet.