Starting late yesterday, Comcast users began noticing that Comcast.net
had been hacked. More technically, early indications are that someone hacked Comcast's registrar account at Network Solutions, changing the authoritative DNS servers for Comcast.net -- rerouting portal visitors to IP addresses in Germany or elsewhere. Where once Comcast's portal sat, users were instead greeted with the following text (see screenshot
KRYOGENICS Defiant and EBK RoXed Comcast
sHouTz to VIRUS Warlock elul21 coll1er seven
The problem is impacting user access to the Comcast portal, webmail (obviously) and the official Comcast forums. Though there's no indication that user privacy is jeopardized, you may want to avoid using Comcast webmail until things have been completely cleared up. Comcast tells us they're aware of the problem.
We believe that our registration information at the vendor that registers the Comcast.net domain address was altered, which redirected the site, and is the root cause of today's continued issues as well.
-Comcast Spokesman Charlie Douglas
"We are aware of the problem and working to get this resolved as quickly as possible," says one technician. "Our sincere apologies for any inconvenience this may be causing." According to the tech, Comcast DNS servers have been corrected, but it will take some time for the fix to propagate out to other servers.
"Depending on the TTL for those servers, this could take several hours and in rare cases, longer," he says. Several users tell me that when they called Comcast customer support, they were told that the outage was due to "routine maintenance."
I spoke with Comcast spokesman Charlie Douglas briefly about last night's events.
"Last night users attempting to access Comcast.net were temporarily redirected to another site by an unauthorized person," he says. "While that issue has been resolved and customers have continued to have access to the Internet and email through services like Outlook, some customers are currently not able to access Comcast.net or Webmail." Douglas says that network engineers continue to work on the issue.
"We believe that our registration information at the vendor that registers the Comcast.net domain address was altered, which redirected the site, and is the root cause of today's continued issues as well," he says. "We have alerted law enforcement authorities and are working in conjunction with them."
There's additional user discussion in our forums
, where users have been talking about the hack overnight.