Comcast web mail servers hacked, all users at risk

[ShyWriter]

.

Comcast web mail servers hacked, all users at risk

 

Brian Henry  

06 February 2014

 

 

 

Hacking group NullCrew FTS declared today that it had exploited a security flaw in Comcast’s Zimbra webmail server. It’s believed that the group used what is known as a LFI exploit or local file inclusion vulnerability to obtain usernames and passwords of Comcast ISP users.

 

The hacking group claims it used this exploit to gain access to the Zimbra LDAP and MySQL database which house the user accounts and passwords. The group posted earlier on pastebin.com a list of what they gained access to, but with no usernames or passwords listed. The posting has since been removed by pastebin.

 

Every Comcast ISP user has a master account, which is accessible through their Zimbra webmail site. This account can be used to access your payment information, e-mail settings, user account creation and services you purchase from Comcast. Even if you do not use their mail service, you still will have a master account. It is strongly recommended that, if you are a Comcast user, you change your password as soon as possible. 

 

Comcast performed out-of-schedule maintenance on their mail servers last night, hopefully to fix this exploit. No more information is available at this time on what maintenance was performed.

 

Source: ZDNet

 

/Steve

[daledoc1]

YIKES!

 

After this other, recent report, it seems they are having some "issues" at Comcast, to say the least!?

 

Mildly happy they left my market > 10 years ago (not that my current provider is much better).

 

 

[MrCharlie]

I have them?????   

MrC

[joeuser]

I guess I better go change mine.

[Firefox]

Not using them, but if they buy out Road Runner, I am in BIG trouble....

[AdvancedSetup]

I don't keep email with my ISP.  They have to hack Google, Hotmail, Yahoo to affect me.

[GT500]

I run my own server for my e-mail, website, etc. so if there are any breaches it's my own fault.