Comcast Covers Up Recent Hack of at Least 34 Mail Servers


Comcast Corp. (NASDAQ:CMCSA) is downplaying the results of a hacking operation by the group NullCrew FTS, which stole information from the company’s mail servers last week, according to a report from PC World. The hacking group claims to have accessed 34 different Comcast mail servers by exploiting an unpatched vulnerability in the Zimbra server software. The hackers stole what are called “Lightweight Directory Access Protocol” passwords as well as MySQL credentials.

The Lightweight Directory Access Protocol (LDAP), for non-techie readers, is a protocol used to access and maintain directory information services. The concept is somewhat similar to the idea of a telephone directory that contains a list of users’ telephone numbers; such directory information services are used for any kind of organized set of records, including e-mail directories.

NullCrew FTS posted details of their success, a “recipe” of sorts, on the website Pastebin, which provides an internet tool allowing anyone to store text online for a limited length of time. The site is primarily used by programmers to store pieces of source code, but anyone can store any type of text on the site. The hacking group also included a list of the company’s mail servers as part of their exposé.

Early on, it was reported that stolen passwords were also posted by the hacking group, but that claim has since been refuted. NullCrew FTS also taunted Comcast on Twitter with quips like, “Fun fact: 34 Comcast mail servers are victims to one exploit.”

Comcast is facing criticism not only for downplaying the severity of the hack, but also for waiting more than 24 hours to respond to the information. Press requests for comment were ignored until, a full day later, the company released a statement to the B2B website Multichannel News. It told the outlet that it was “aggressively investigating the situation.”

The company’s statement reads: “We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident,” per ZDNet.

The initial report of the hack by ZDNet advises Comcast users to change their passwords immediately. While there’s still no hard evidence that personal information was stolen during the 24-hour window that followed the hack, anyone with a little know-how could gain access to a user’s “master e-mail address,” which is used to manage a user’s services as well as access important data like payment information. Hence, even if you don’t use Comcast for e-mail, there’s still a risk that your information is vulnerable.