Comcast Sets Default Xfinity Mobile PIN to 0000 and Fraudsters Jump for Joy

Discussion in 'HardForum Tech News' started by cageymaru, Mar 1, 2019.

  1. cageymaru

    cageymaru [H]ard as it Gets

    According to the Washington Post, Comcast extolled the advantages of setting the default PIN on Xfinity Mobile phone service accounts to 0000 as a convenience for its customers. "Comcast's help site for switching carriers suggests this is to make things easier: 'We don't require you to create an account PIN, so you don't need to provide that information to your new carrier.'" Comcast's policy combined with information garnered from past non-Comcast data breaches made life much easier for hackers and identity theft fraudsters.

    Xfinity Mobile customer Larry Whitted detailed his experience of someone hijacking his phone number, porting it to a new account on another network, and committing identity fraud. The unscrupulous thief added Samsung Pay to the new account and Whitted's credit card. Then he used it to buy a computer from an Apple Store. Other Xfinity Mobile customers have reported the same issues. Comcast says it is working on a PIN-based solution.

    After I contacted Comcast, it said it was making a fix. "We're aware of a very small number of customers impacted by this issue, but even having one customer impacted by this is one too many," a spokeswoman said in a statement. New measures that make it harder to steal phone numbers took effect shortly before I published this column. Comcast said it is also "working aggressively towards a PIN-based solution." Comcast said a fraudster still needs several pieces of customer information to port a number, including the obscure Xfinity Mobile account number that it usually requires a password to access. "We believe this has only affected customers whose passwords might have been included in previous, non-Comcast related breaches," the spokeswoman said.
     
    captaindiptoad and Wrecked Em like this.
  2. HeadRusch

    HeadRusch [H]ard|Gawd

  3. Ski

    Ski Gawd

    $100 bucks says the programmer's last day (cuz he planned it all along) on the job, he decided the best way to fuck Comcast was to conduct this little comedy. There's no way in hell someone is dumb or myopic enough to make a password so ridiculously simple. I almost guarantee whoever did this was out of malice or revenge. Would be magnificent if this were true.
     
  4. Master_shake_

    Master_shake_ [H]ardForum Junkie

    Ditzy bitch obviously it's fucking happening.

    wow.
     
  5. exiled350

    exiled350 [H]ard|Gawd

    I get Comcast sucks and all, and that this is a pretty serious problem. But come on, that title looks like something grabbed from the trash bin at a Taboola intern's desk.
     
  6. Sikkyu

    Sikkyu I Question Reality

    hilarious it is not me
     
  7. Galvin

    Galvin 2[H]4U

    It's 'cause every company these days outsources IT, which is a security risk.
     
  8. Lakados

    Lakados [H]ard|Gawd

    Comcast should be held liable for all acts of fraud committed by this breach. Until there are real consequences for their actions there will be no resolution.
     
    Armenius and arnemetis like this.
  9. Evil Timmy

    Evil Timmy [H]Lite

    That's amazing, I've got the same combination on my luggage!
     
    Revdarian, tetris42, Armenius and 5 others like this.
  10. commissioneranthony

    commissioneranthony [H]ard|Gawd

  11. Elf_Boy

    Elf_Boy 2[H]4U

  12. Grimlaking

    Grimlaking 2[H]4U

    Nice Spaceballs reference.
     
  13. Krazy925

    Krazy925 2[H]4U

    Fuck Comcast with a cactus.
     
  14. mord

    mord Limp Gawd

    After 3 months of intense research and consulting with top industry leaders, Comcast came to a solution that was determined to be the optimal resolution for their customers' security at an efficient use of company resources.

    The new default PIN is 1111.

    Thank you for your patience.
     
    stelonous likes this.
  15. umeng2002

    umeng2002 Gawd

    "We ask that you please bear with us."
     
    tetris42 likes this.
  16. tetris42

    tetris42 [H]ardness Supreme

    I think you severely overestimate the competence of multi-billion dollar corporations.

    Step 1: Programmer makes code, not his job to set the password, so he leaves it at zero for somebody else.
    Step 2: Management doesn't understand any of it, programmer says it's done, so he tells someone else to launch it.
    Step 3: Person launching it makes sure it runs, doesn't check password.

    Hell, all zeroes is good enough for nuclear missiles.
     
    stelonous, Revdarian and clockdogg like this.
  17. Exavior

    Exavior [H]ardForum Junkie

    For everyone getting up in arms about this: there is a good chance that your phone account has no PIN on it and this could be done to you with less effort. So having a PIN of 0000 unless the user decides to change it is no different than the default of no PIN at all unless you call your telephone company to have a PIN added to your account to put a port freeze on it.

    Honestly, as much as I dislike Comcast and their fuckery behavior, this is a story that has no idea what it is trying to bitch about. What's next, going after a window company because it was realized that a brick could open a window and how this is a massive injustice to the people?