Comcast gets hacked, downplays potential dangers

Comcast is keeping customers in the dark after an apparent hack of the company's mail servers last week.

On February 5, hacking group NullCrew FTS claimed to have gained access to 34 Comcast mail servers. The hackers exploited an unpatched vulnerability in Zimbra server software and made off with Lightweight Directory Access Protocol (LDAP) passwords and MySQL credentials.

Shortly thereafter, NullCrew posted the details of its exploit on Pastebin, along with a list of the company's mail servers. An initial ZDNet story reported that the hackers posted the stolen passwords to Pastebin, but a subsequent report walks back that claim.

Even so, the exploit remained public for 24 hours before the hackers removed the Pastebin post entirely. In those 24 hours, Comcast forum users reported slowness, crashing and reliability issues, according to ZDNet.

Only after that 24-hour period did Comcast issue a response, telling Multichannel News that it was “aggressively investigating” the situation. “We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident,” Comcast said.

So what's the issue? ZDNet suggests that in those 24 hours, any malicious hacker could have used NullCrew's exploit and helped themselves to users' data. Comcast's only response so far—a canned statement to a single trade publication the following day—isn't encouraging, even though the company claims that everything's fine.

From the outside, there isn't any hard evidence that any personal data was stolen. We can only speculate based on the claims of one hacker group, but that's all the more reason for Comcast to set the record straight for its customers. Downplaying potential security breaches is never helpful to anyone.
