Comcast Sets Default Xfinity Mobile PIN to 0000 and Fraudsters Jump for Joy

[cageymaru]

According to the Washington Post, Comcast extolled the advantages of setting the default PIN on Xfinity Mobile phone service accounts to 0000 as a convenience for its customers. "Comcast's help site for switching carriers suggests this is to make things easier: 'We don't require you to create an account PIN, so you don't need to provide that information to your new carrier.'" Comcast's policy combined with information garnered from past non-Comcast data breaches made life much easier for hackers and identity theft fraudsters.

Xfinity Mobile customer Larry Whitted detailed his experience of someone hijacking his phone number, porting it to a new account on another network, and committing identity fraud. The unscrupulous thief added Samsung Pay to the new account and Whitted's credit card. Then he used it to buy a computer from an Apple Store. Other Xfinity Mobile customers have reported the same issues. Comcast says it is working on a PIN-based solution.

After I contacted Comcast, it said it was making a fix. "We're aware of a very small number of customers impacted by this issue, but even having one customer impacted by this is one too many," a spokeswoman said in a statement. New measures that make it harder to steal phone numbers took effect shortly before I published this column. Comcast said it is also "working aggressively towards a PIN-based solution." Comcast said a fraudster still needs several pieces of customer information to port a number, including the obscure Xfinity Mobile account number that it usually requires a password to access. "We believe this has only affected customers whose passwords might have been included in previous, non-Comcast related breaches," the spokeswoman said.

 

[HeadRusch]

Fucking.
Useless.

 

[Ski]

$100 bucks says the programmers last day (cuz he planned it all along) on the job, he decided the best way to fuck Comcast was to do conduct this little comedy. There's no way in hell someone is dumb or myopic enough to make a password so ridiculously simple. I almost guarantee whoever did this was out of malice or revenge. Would be magnificent if this were true.

 

[Master_shake_]

Comcast said a fraudster still needs several pieces of customer information to port a number, including the obscure Xfinity Mobile account number that it usually requires a password to access.

Ditzy bitch obviously it's fucking happening.

wow.

 

[exiled350]

I get Comcast sucks and all, and that this is a pretty serious problem. But come on, that title looks like something grabbed from the trash bin at a Taboola interns desk.

 

[Sikkyu]

hilarious it is not me

 

[Galvin]

Its cause every company these days outsources IT, which is a security risk

 

[Lakados]

Comcast should be held liable, for all acts of fraud committed by this breach. Until there are real consequences for their actions there will be no resolution

 

[Evil Timmy]

That's amazing, I've got the same combination on my luggage!

 

[commissioneranthony]

Holy. Shit. WOW.

 

[Elf_Boy]

Idiocy

 

[Grimlaking]

That's amazing, I've got the same combination on my luggage!

Nice spaceballs reference.

 

[Krazy925]

Fuck Comcast with a cactus.

 

[mord]

After 3 months of intense research and consulting with top industry leaders, comcast came to a solution that was determined to be the optimal resolution for their customers security at an efficient use of company resources.

The new default pin is 1111.

Thank you for your patience.

 

[umeng2002]

"We ask that you please bear with us."

 

[tetris42]

There's no way in hell someone is dumb or myopic enough to make a password so ridiculously simple.

I think you severely overestimate the competence of multi-billion dollar corporations.

Step 1: Programmer makes code, not his job to set the password, so he leaves it at zero for somebody else.
Step 2: Management doesn't understand any of it, programmer says it's done, so he tells someone else to launch it.
Step 3: Person launching it makes sure it runs, doesn't check password.

Hell, all zeroes is good enough for nuclear missiles.

 

[Exavior]

For everyone getting up in arms about this. There is a good chance that your phone account has no pin on it and this could be done to you with less effort. So having a pin of 0000 unless the user decides to change it is no different that the default of no pin at all unless you call your telephone company to have a pin added to your account to but a port freeze on it.

Honestly, as much as I dislike comcast and their fuckery behavior, this is a story that has no idea what it is trying to bitch about. What's next going after a window company because it was realized that a brick could open a window and how this is a massive injustice to the people.