Comcast Internet Customers: You Should Change Your Password

Comcast hasn’t been forthcoming about warning customers to change their email account passwords.

If the idea of Comcast email makes you roll your eyes … OK, that’s reasonable. But Comcast was hacked recently, their mail servers were compromised, and every Comcast Internet customer has an Xfinity email address. So for Comcast’s 19.9 million Internet customers, this is important. It could be you.

Last week the hacking group NullCrew FTS hacked 34 (or possibly more) of Comcast’s servers and then published details about how to infiltrate the company’s mail servers on Pastebin. Comcast didn’t acknowledge the situation until the Pastebin post was removed more than a day later.

In a statement to the broadband news site MultiChannel, a Comcast spokesperson said that:

We’re aware of the situation and are aggressively investigating it. We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident.

But once the NullCrew FTS vulnerability was live, users began experiencing problems as the affected mail servers struggled under the load of numerous attacks. ZDNet found examples of customers complaining about the situation in Comcast customer service forums. It seems unlikely that no customer data was compromised give that the whole Internet had access to the servers for more than 24 hours.

The situation is esepcially troubling given that NullCrew FTS had already discovered the overarching vulnerability, CVE-2013-7091, in December 2013, but Comcast never updated their system to patch the hole. Even if you don’t use your Xfinity address for anything other than logging into your Comcast account, the only way to protect your data going forward is to change your password. Go do it.