The seller was offering 100,000 accounts for $300 or the whole list for $1000.
It appears that Comcast was the only buyer of the list, and their security team found 200,000 of the accounts were active, leading to the mass reset.
Comcast says their systems and apps have not been compromised so it remains unclear on how the list came to be. Most likely, the list was recycled from other data breaches and combined.
Source:
CSO
Written by: Andre Yoskowitz @ 10 Nov 2015 1:16