Unpatched Comcast Security Flaw Leaves User Data Exposed


Several days ago the hacking group NullCrew FTS gained access to Comcast's email servers, and then shared enough information on the Internet so that other hackers could do the same. Comcast didn't warn customers of the security breach, and was apparently warned of the flaw in December 2013, but hadn't fixed the issue.

Hackers expose steps for accessing Comcast's email servers

NullCrew FTS's report was available on Pastebin for over a day before it was removed, which means most anyone with a little Internet and hacker savvy could find the post and gain access to Comcast servers, too. The Internet service provider finally acknowledged the incident after the Pastebin post was removed.

In a statement to Multichannel, a Comcast spokesperson said,

We're aware of the situation and are aggressively investigating it. We take our customers' privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident.

The problem is that the information needed to duplicate NullCrew FTS's steps was available for days, and once it was on the Internet, Comcast's servers saw dramatic performance hits and crashes. That's a red flag indicating the servers were being hit hard, and most likely from other hackers trying to follow NullCrew's steps.

Assuming hackers gained access to the user login information for email accounts, they could potentially get into other parts of user accounts, too, since the same login is used in other places. This is a big deal even for Comcast customers that use different email addresses for their online correspondence because they're automatically assigned a Comcast address.

Comcast's statement isn't instilling a sense of comfort in its customers because the steps to hack the servers were available on the Internet for over 24 hours, and because the security flaw went unpatched for more than a month after it was discovered.

The photo-based social networking service Snapchat recently found itself in a similar situation when hackers made off with 4.6 million user names and phone numbers. The company downplayed the incident, and made a feeble attempt at convincing subscribers there wasn't a problem. The Snapchat app has since been updated to address the issue, but now the company is dealing with a new headache since hackers can use the app to create denial of service attacks that crash victims' iPhones.

The bottom line is that Comcast's email servers were hacked, and that anyone with a Comcast account needs to change their password now to help protect themselves and their personal information.

The Mac Observer Spin

Failing to acknowledge serious security breaches is a big deal, and right now it feels like Comcast is taking the Snapchat route to alerting customers and fixing the problem. If you're a Comcast customer, change your account password now.



Miranda Gordon

Does Comcast not have an option for two factor authentication? I am not a Comcast user, but I am starting to wonder why companies are not taking immediate action to better protect their users' security. Are they waiting to be hacked or what? Passwords are not the key to defeating hacks. People need 2fa in order to be properly protected from threats. I use LastPass as my password manager and added the Toopher multi-factor authentication option to add even more security to it. Companies should do their research. There are tons of 2fa solutions out there and Toopher blows them all out of the water when it comes to the user experience. As a consumer, do I just sit and wait for all of my stuff to get hacked until companies start taking action? It’s very frustrating!


Comcast does not offer two factor authentication. Perhaps they should. I have changed my password to a Safari-suggested very strong one because of this breach.
