
FYI

@videotron.ca

2 edits

2 recommendations

[E-mail] Comcast Mail servers hacked

34 Comcast mail servers are victims of one exploit. Not known if more than 34 servers were hacked.

NullCrew claims hack of Comcast mail servers
»www.databreaches.net/nullcrew-cl···servers/

"NullCrew did not dump any customer data in the paste."

Another article on it (ZDnet) claims passwords were also dumped. But I did not notice this in the data dump that I saw (I *think* they withheld that part of the data from the dump).

However, the exploit and the exploited servers were all posted online. Apparently Comcast took the mail servers down last night for a fix. It may be wise to change Email passwords in case some other group or people went exploring with the info given on how to exploit Comcast and got your passwords.

Just an FYI and a heads up.

See also ---> »UPDATE on COMCAST EMAIL HACK - READ THIS!
»[E-mail] Email issue not being resolved. Looking for suggestions....


mediaguy
Politically Incorrect
Premium
join:2014-01-22
Guitar Town

[E-mail] Re: Comcast Mail servers hacked

Thanks for the info! Just one more reason to NOT use the Comcast mail servers, either incoming or outgoing.


workablob

join:2004-06-09
Houston, TX
kudos:4
reply to FYI
I use Comcast SMTP server only as a smarthost but I am going to change my password asap.

Blob
--
Don't try to follow me, I have a cab waiting. EEEEEEEEradicator!


FYI

@videotron.ca

1 recommendation

If anyone in this forum gets, or notices, a reply by Comcast in regards to this please post it, and the link if possible.

What's also important here is Comcast ignoring the data breach they have had, and not informing their valued customers.


owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
Thanks to this thread, I changed my PWs earlier this morning.

Further research indicates it may have been their internal email that was hacked.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to FYI
said by FYI :

NullCrew claims hack of Comcast mail servers

NullCrew also claims, "Zimbra sucks, didn’t you know?"

Fascinating, considering that Zimbra was once a Yahoo! property, and Yahoo! has had several breaches of email security.

(In all fairness, Yahoo! sold Zimbra to VMware, which later sold it to Telligent Systems.)
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


telcodad
Premium
join:2011-09-16
Lincroft, NJ
kudos:15

1 recommendation

reply to FYI
Karl has a news item on it now: »Hacker Group Claims Comcast Mail Server Hack


anonomeX

@comcast.net
reply to FYI
I have an account. The account has a default email address (username@...) associated with it, as well as the account password--which is not specific to email. So, is this supposed "hack" related to primary account/email data/passwords? or to secondary email addresses/passwords attached to an account? (or both) That's what I wonder about...


FYI

@videotron.ca
@anonomeX, who knows. Comcast doesn't care enough to even state anything.

Maybe all their servers are still owned. We just don't know. Not like they cared enough to address anyone's concerns or make a statement in regards to the hack.

Best to assume it's all still vulnerable and non-secure till they address it and inform people their accounts are safe.

kungFUchimp

join:2013-09-18
Philadelphia, PA
reply to FYI

Re: [E-mail] Comcast Mail servers hacked

I don't understand why giant companies like Comcast do not communicate a lick of anything when stuff like this happens.

I remember when I used to live in Canada, a small ISP by the name of TekSavvy would send you emails well in advance, before any downtimes for server upgrades or whatever. I always appreciated a heads up. One of the things I took for granted.


telcodad
Premium
join:2011-09-16
Lincroft, NJ
kudos:15
said by kungFUchimp:

I don't understand why giant companies like Comcast do not communicate a lick of anything when stuff like this happens.

Finally, an official response/comment from Comcast:

Comcast: No Evidence That Personal Sub Info Obtained By Mail Server Hack
“We’re Aware Of The Situation And Are Aggressively Investigating It,” MSO Says

By Jeff Baumgartner, Multichannel News - February 7, 2014
»www.multichannel.com/distributio···k/148169
quote:
Comcast said it is investigating a claim by a hacker group that claims to have broken into a batch of the MSO’s email servers, but believes that no personal subscriber data was obtained as a result.

“We’re aware of the situation and are aggressively investigating it,” a Comcast spokesman said. “We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident.”



FYI

@videotron.ca
said by telcodad:

Finally, an official response/comment from Comcast:

Comcast: No Evidence That Personal Sub Info Obtained By Mail Server Hack ...

It will be lots of mud in their face if this hacktivist group releases more info in another data dump. But then again, this doesn't appear to be their style, though they may release some to prove a point. Like they just did with Bell Canada.

At around 10-am this morning from this group: LOL @comcast put their servers back up and they're STILL vuln. They must really care about their customers privacy.

It's almost as if comcast is taunting them by saying, "prove you took more info than what was in the data dump. Till then we are not even telling our customers to change passwords".

Don't know how smart of a move that is.


Auth_Server

@comcast.net
said by FYI :

It's almost as if comcast is taunting them by saying, "prove you took more info than what was in the data dump. Till then we are not even telling our customers to change passwords".

Don't know how smart of a move that is.

Considering that Comcast uses the customer's email credentials to authenticate access for more than just email (VOD, Premium service videos, WiFi access, et al), it seems that it is very likely that Comcast does its authentication on a central authentication server, rather than trying to sync authentication credentials on multiple servers for multiple unrelated services. In that case, the customer authentication credentials may not even be stored on the Zimbra servers that are the subject of this thread; and if that is the case, then customer authentication credentials would not be at risk by this particular exploit.


owlyn
Premium,MVM
join:2004-06-05
Newtown, PA
Reviews:
·Comcast
said by Auth_Server :

Considering that Comcast uses the customer's email credentials to authenticate access for more than just email (VOD, Premium service videos, WiFi access, et al), it seems that it is very likely that Comcast does its authentication on a central authentication server, rather than trying to sync authentication credentials on multiple servers for multiple unrelated services. In that case, the customer authentication credentials may not even be stored on the Zimbra servers that are the subject of this thread; and if that is the case, then customer authentication credentials would not be at risk by this particular exploit.

That is likely NOT the situation. If the authentication service goes down, then no one can get to anything. That would be a nightmare for Comcast phone centers. Plus, building something like that would require a lot of interaction between many departments at Comcast. Not something they are good at.


Auth_Server

@comcast.net
said by owlyn:

That is likely NOT the situation. If the authentication service goes down, then no one can get to anything. That would be a nightmare for Comcast phone centers. Plus, building something like that would require a lot of interaction between many departments at Comcast. Not something they are good at.

Actually, a central authentication server is simpler and requires less interaction between multiple services that require authentication using the same credentials. With each service maintaining its own authentication database, you have to try to synchronize those individual databases every time a user changes their password; think of the customer service problems that would cause when a customer changed their email password, and then lost access to VOD, WiFi, et al.

I don't know how Comcast handles user authentication internally, but a central authentication server is simpler than synchronizing multiple services, and is a more secure method. The fact that when you go to their webmail server at xfinityconnect.mail.comcast.net, you are actually redirected to login.comcast.net to do the authentication (and that authentication is then active for all of their services) does seem to point to their use of a central authentication service.


FureverFurry
Premium
join:2012-02-20
Wyoming, MI
reply to FYI
Might this hack have anything to do with suddenly getting many daily "russian bride" spam emails that - as a senior citizen - I find porno? Trust me, I don't go to those kinds of websites. (Yup, I report all of the spam.)


FYI

@videotron.ca
said by FureverFurry:

Might this hack have anything to do with suddenly getting ....

The method of the hack, the exploited servers, and so forth are now in the wild and world wide web. Comcast security would best be able to answer that question.

All Comcast had to state was, "No Evidence That Personal Sub Info Obtained By Mail Server Hack".

That doesn't say much. Also, does Comcast consider your Email address as "Personal Sub Info"? I don't know enough about the US to answer that. In some jurisdictions an Email address is not considered personal subscriber info. Some jurisdictions consider an Email address open to the public like your name and address in a phone book.

Comcast abuse and/or security should clarify all this for you.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
reply to FureverFurry
said by FureverFurry:

Yup, I report all of the spam.

Using what method?
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


FureverFurry
Premium
join:2012-02-20
Wyoming, MI
Reviews:
·Vonage
·Comcast
said by NormanS:

Using what method?

I send the complete headers and email to both Comcast AND to SpamCop.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
I am a Spamcop reporter, as well. About once every third month, or so, a stray lands in an Inbox, and I use the ESP "report spam" utility; but most is consistently dumped into "Bulk Mail" (AT&T-Yahoo!), "Junk" (MSN-Outlook.com), or "Spam" (Sonic.net-other ESP) folders.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


JJJohnson

join:2001-08-25
Fort Collins, CO
reply to mediaguy

Re: [E-mail] Re: Comcast Mail servers hacked

said by mediaguy:

Thanks for the info! Just one more reason to NOT use the Comcast mail servers, either incoming or outgoing.

I thought Comcast virtually required its customers to use their outgoing SMTP server by blocking the standard SMTP port 25.


NormanS
I gave her time to steal my mind away
Premium,MVM
join:2001-02-14
San Jose, CA
kudos:12
Reviews:
·SONIC.NET
·Pacific Bell - SBC
said by JJJohnson:

I thought Comcast virtually required its customers to use their outgoing SMTP server by blocking the standard SMTP port 25.

A port 25 block would not affect smtp.mail.yahoo.com:465 access.
--
Norman
~Oh Lord, why have you come
~To Konnyu, with the Lion and the Drum


train_wreck

join:2013-10-04
Antioch, TN
or 587

JohnShade

join:2009-03-07
Pearland, TX
reply to JJJohnson
Yep, because spambot code to utilize port 25 outgoing/no authentication is very small and not that hard to hide. Using 587, etc. with SSL helps to stop the bots.