This story is over 5 years old.


Cox Investigates as Employee Data Appears for Sale on the Dark Web

Names, email addresses, phone numbers and other details of 40,000 apparent Cox employees is listed for sale on the dark web.

Consumers are not the only ones who need to worry about their details ending up for sale on the so-called dark web when a company suffers a breach: Employees are at risk too. Apparent names, email addresses, phone numbers, and other information relating to some 40,000 Cox Communications employees is currently advertised on a marketplace specialising in stolen data and computer exploits.

"Selling 40k personal details of cox employs [sic]," the listing on The Real Deal Market, a recently relaunched dark web site, reads. Cox Communications is a US internet service provider which also sells cable access.


Motherboard obtained a relatively small sample of the data for verification purposes, containing information on 100 apparent employees, and shared a copy of it with the affected company.

"Cox Communications is aware of this matter and the business-related information to which it relates," Todd Smith, a Cox Communications spokesperson, said in an email. "We're taking this very seriously and have engaged a third-party forensic team to conduct a comprehensive investigation and are actively working with law enforcement. Cox's commitment to privacy and data security is a top priority for the company." Smith did not directly acknowledge that the sample of data was authentic.

Many of the email addresses included in the data sample appear not to be publicly available on the internet, although some are. The names seem to correspond to real staff members, judging by employee profiles on LinkedIn and other websites. Some of the entries in the sample obtained by Motherboard were duplicates.

The sample also included physical addresses for the employees, although these did not seem to be home addresses; several were for Cox's offices. The dump also contained names of the employees' managers, the date of their last login, and the last time their password was reset. Some of the logins stretch back to 2007, but some are as recent as December 2015.

The hacker advertising the data, who also claimed to have carried out the hack, would not tell Motherboard how he or she gained access to Cox's systems, but indicated that more data may have been stolen, possibly including customer details. However, Motherboard was not presented with any evidence of customer data having been obtained.