An archive labeled as a Comcast customer dump is being shared on BreachForums. The file is split into three parts: roughly 27,000 customer records with full names and physical addresses, around 590,000 email-and-password pairs, and a forum-attribution README from the actor who posted it.
Comcast has not publicly confirmed any portion of this leak, and the precise provenance of the data is unclear. What is clear is what the files contain: enough information to map a real person to a Comcast subscriber address with credentials that may still work on third-party services where the same password was reused.
What this is, and what it is not
The 27k file with addresses appears to have come from a billing-system view rather than a forum or a marketing list. The 590k credential file is in plaintext, which is unusual for a major US carrier and is more consistent with a dump that has been processed through cracking infrastructure before redistribution. We have not been able to corroborate that any particular portion came from a recent intrusion at Comcast itself, and the README that ships with the archive provides little useful detail.
Treat the data as confirmed if it appears in our index. Treat the attacker's claims about how the data was obtained as unverified. Anyone with a Comcast account on the list should change their portal password immediately, watch for billing-related phishing that cites a real address, and consider whether the email used for the account warrants its own rotation elsewhere.