
FYI
@videotron.ca

2 edits

2 recommendations

FYI

Anon

[E-mail] Comcast Mail servers hacked

34 Comcast mail servers are victims to one exploit. Not known if more than 34 servers were hacked.

NullCrew claims hack of Comcast mail servers
»www.databreaches.net/nul ··· servers/

"NullCrew did not dump any customer data in the paste."

Another article on it (ZDnet) claims passwords were also dumped. But I did not notice this in the data dump that I saw (I *think* they withheld that part of the data from the dump).

However, the exploit and the exploited servers were all posted online. Apparently Comcast took the mail servers down last night for a fix. It may be wise to change Email passwords in case some other group or people went exploring with the info given on how to exploit Comcast and got your passwords.

Just an FYI and a heads up.

See also ---> »UPDATE on COMCAST EMAIL HACK - READ THIS!
»[E-mail] Email issue not being resolved. Looking for suggestions....

mediaguy
Politically Incorrect
Premium Member
join:2014-01-22
Guitar Town

mediaguy

Premium Member

[E-mail] Re: Comcast Mail servers hacked

Thanks for the info! Just one more reason to NOT use the Comcast mail servers, either incoming or outgoing.

workablob
join:2004-06-09
Houston, TX

workablob to FYI

Member

to FYI
I use Comcast SMTP server only as a smarthost but I am going to change my password asap.

Blob

FYI
@videotron.ca

1 recommendation

FYI

Anon

If anyone in this forum gets, or notices, a reply by Comcast in regards to this please post it, and the link if possible.

What's also important here is Comcast ignoring the data breach they have had, and not informing their valued customers.

owlyn
MVM
join:2004-06-05
Newtown, PA

owlyn

MVM

Thanks to this thread, I changed my PWs earlier this morning.

Further research indicates it may have been their internal email that was hacked.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS to FYI

MVM

to FYI
said by FYI :

NullCrew claims hack of Comcast mail servers

NullCrew also claims, "Zimbra sucks, didn’t you know?"

Fascinating, considering that Zimbra was once a Yahoo! property, and Yahoo! has had several breaches of email security.

(In all fairness, Yahoo! sold Zimbra to VMware, which later sold it to Telligent Systems.)

telcodad
MVM
join:2011-09-16
Lincroft, NJ

1 recommendation

telcodad to FYI

MVM

to FYI
Karl has a news item on it now: »Hacker Group Claims Comcast Mail Server Hack [56] comments

anonomeX
@comcast.net

anonomeX to FYI

Anon

to FYI
I have an account. The account has a default email address (username@...) associated with it, as well as the account password--which is not specific to email. So, is this supposed "hack" related to primary account/email data/passwords? or to secondary email addresses/passwords attached to an account? (or both) That's what I wonder about...

FYI
@videotron.ca

FYI

Anon

@anonomeX, who knows. Comcast doesn't care enough to even state anything.

Maybe all their servers are still owned. We just don't know. Not like they cared enough to address anyone's concerns or make a statement in regards to the hack.

Best to assume it's all still vulnerable and non-secure till they address it and inform people their accounts are safe.
kungFUchimp
join:2013-09-18
Philadelphia, PA

kungFUchimp to FYI

Member

to FYI

Re: [E-mail] Comcast Mail servers hacked

I don't understand why giant companies like Comcast do not communicate a lick of anything when stuff like this happens.

I remember when I used to live in Canada, a small ISP by the name of TekSavvy would send you emails well in advance, before any downtimes for server upgrades or whatever. I always appreciated a heads up. One of the things I took for granted.

telcodad
MVM
join:2011-09-16
Lincroft, NJ

telcodad

MVM

said by kungFUchimp:

I don't understand why giant companies like Comcast do not communicate a lick of anything when stuff like this happens.

Finally, an official response/comment from Comcast:

Comcast: No Evidence That Personal Sub Info Obtained By Mail Server Hack
“We’re Aware Of The Situation And Are Aggressively Investigating It,” MSO Says

By Jeff Baumgartner, Multichannel News - February 7, 2014
»www.multichannel.com/dis ··· k/148169
quote:
Comcast said it is investigating a claim by a hacker group that claims to have broken into a batch of the MSO’s email servers, but believes that no personal subscriber data was obtained as a result.

“We’re aware of the situation and are aggressively investigating it,” a Comcast spokesman said. “We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident.”


FYI
@videotron.ca

FYI

Anon

said by telcodad:

Finally, an official response/comment from Comcast:

Comcast: No Evidence That Personal Sub Info Obtained By Mail Server Hack ...

It will be lots of mud in their face if this hacktivist group releases more info in another data dump. But then again, this doesn't appear to be their style, though they may release some to prove a point. Like they just did with Bell Canada.

At around 10-am this morning from this group: LOL @comcast put their servers back up and they're STILL vuln. They must really care about their customers privacy.

It's almost as if comcast is taunting them by saying, "prove you took more info than what was in the data dump. Till then we are not even telling our customers to change passwords".

Don't know how smart of a move that is.

Auth_Server
@comcast.net

Auth_Server

Anon

said by FYI :

It's almost as if comcast is taunting them by saying, "prove you took more info than what was in the data dump. Till then we are not even telling our customers to change passwords".

Don't know how smart of a move that is.

Considering that Comcast uses the customer's email credentials to authenticate access for more than just email (VOD, Premium service videos, WiFi access, et al), it seems that it is very likely that Comcast does its authentication on a central authentication server, rather than trying to sync authentication credentials on multiple servers for multiple unrelated services. In that case, the customer authentication credentials may not even be stored on the Zimbra servers that are the subject of this thread; and if that is the case, then customer authentication credentials would not be at risk by this particular exploit.

owlyn
MVM
join:2004-06-05
Newtown, PA
Netgear CM2050V
Netgear RBRE960
Netgear RBSE960

owlyn

MVM

said by Auth_Server :

Considering that Comcast uses the customer's email credentials to authenticate access for more than just email (VOD, Premium service videos, WiFi access, et al), it seems that it is very likely that Comcast does its authentication on a central authentication server, rather than trying to sync authentication credentials on multiple servers for multiple unrelated services. In that case, the customer authentication credentials may not even be stored on the Zimbra servers that are the subject of this thread; and if that is the case, then customer authentication credentials would not be at risk by this particular exploit.

That is likely NOT the situation. If the authentication service goes down, then no one can get to anything. That would be a nightmare for Comcast phone centers. Plus, building something like that would require a lot of interaction between many departments at Comcast. Not something they are good at.

Auth_Server
@comcast.net

Auth_Server

Anon

said by owlyn:

That is likely NOT the situation. If the authentication service goes down, then no one can get to anything. That would be a nightmare for Comcast phone centers. Plus, building something like that would require a lot of interaction between many departments at Comcast. Not something they are good at.

Actually, a central authentication server is simpler and requires less interaction between multiple services that require authentication using the same credentials. With each service maintaining its own authentication database, you have to try to synchronize those individual databases every time a user changes their password; think of the customer service problems that would cause when a customer changed their email password, and then lost access to VOD, WiFi, et al.

I don't know how Comcast handles user authentication internally, but a central authentication server is simpler than synchronizing multiple services, and is a more secure method. The fact that when you go to their webmail server at xfinityconnect.mail.comcast.net, you are actually redirected to login.comcast.net to do the authentication (and that authentication is then active for all of their services) does seem to point to their use of a central authentication service.

FureverFurry
RIP Daphne: 3/12/05 - 6/19/12
Premium Member
join:2012-02-20
49xxx

FureverFurry to FYI

Premium Member

to FYI
Might this hack have anything to do with suddenly getting many daily "russian bride" spam emails that - as a senior citizen - I find porno? Trust me, I don't go to those kinds of websites. (Yup, I report all of the spam.)

FYI
@videotron.ca

FYI

Anon

said by FureverFurry:

Might this hack have anything to do with suddenly getting ....

The method of the hack, the exploited servers, and so forth are now in the wild and world wide web. Comcast security would best be able to answer that question.

All Comcast had to state was, "No Evidence That Personal Sub Info Obtained By Mail Server Hack".

That doesn't say much. Also, does Comcast consider your Email address as "Personal Sub Info"? I don't know enough about the US to answer that. In some jurisdictions an Email address is not considered personal subscriber info. Some jurisdictions consider an Email address open to the public like your name and address in a phone book.

Comcast abuse and/or security should clarify all this for you.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA

NormanS to FureverFurry

MVM

to FureverFurry
said by FureverFurry:

Yup, I report all of the spam.

Using what method?

FureverFurry
RIP Daphne: 3/12/05 - 6/19/12
Premium Member
join:2012-02-20
49xxx

FureverFurry

Premium Member

said by NormanS:

Using what method?

I send the complete headers and email to both Comcast AND to SpamCop.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

I am a Spamcop reporter, as well. About once every third month, or so, a stray lands in an Inbox, and I use the ESP "report spam" utility; but most is consistently dumped into "Bulk Mail" (AT&T-Yahoo!), "Junk" (MSN-Outlook.com), or "Spam" (Sonic.net-other ESP) folders.

JJ Johnson
Premium Member
join:2001-08-25
Fort Collins, CO

JJ Johnson to mediaguy

Premium Member

to mediaguy

Re: [E-mail] Re: Comcast Mail servers hacked

said by mediaguy:

Thanks for the info! Just one more reason to NOT use the Comcast mail servers, either incoming or outgoing.

I thought Comcast virtually required its customers to use their outgoing SMTP server by blocking the standard SMTP port 25.

NormanS
I gave her time to steal my mind away
MVM
join:2001-02-14
San Jose, CA
TP-Link TD-8616
Asus RT-AC66U B1
Netgear FR114P

NormanS

MVM

said by JJ Johnson:

I thought Comcast virtually required its customers to use their outgoing SMTP server by blocking the standard SMTP port 25.

A port 25 block would not affect smtp.mail.yahoo.com:465 access.

train_wreck
slow this bird down
join:2013-10-04
Antioch, TN

train_wreck

Member

or 587
JohnShade
join:2009-03-07
Pearland, TX

JohnShade to JJ Johnson

Member

to JJ Johnson
Yep, because spambot code to utilize port 25 outgoing/no authentication is very small and not that hard to hide. Using 587, etc. with SSL helps to stop the bots.