A place for all things security.

Comcast email hack means you should probably change your password

Feb 12, 2014 // Andrew Stroup

Last week hacktivist group NullCrew hacked 34 of Comcast’s mail servers, exploiting a publicly known loophole to gain access to customer information and gather it without a trace. Although this vulnerability was first made public in December, 2013, Comcast had not yet upgraded their servers to counteract this threat. And so as you would expect the hacker group infiltrated Comcast’s network and posted details on how to gain access to these servers on Pastebin, which was later removed.

Comcast has moved to downplay the hacker’s allegations, saying in a statement to MultiChannel that:

“We’re aware of the situation and are aggressively investigating it,” a Comcast spokesman said.  “We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident.”

While Comcast stated that they have no evidence to suggest that there was a hack, the company did not confirm that their servers were not infiltrated. Shortly after NullCrew posted their information online, Comcast customers began complaining about slow connection speeds in the company’s customer service forum as other hackers made their own attempts to compromise the system.

Even if you’re one of their many users who don’t use a Comcast or Xfinity email address except to login to your account, the only way to ensure your data is protected moving forward is to change your password. Change it.