Having just replaced the credit card whose numbers Target gave up to hackers, and frozen our credit files to ward off identity theft since Buck Consultants posted my wife’s Social Security number on the web, imagine the joy I felt the other day upon learning that hackers got inside Comcast’s email servers and probably made off with my account info.
The truly cool part of this is how I had to find out about Comcast’s pwnership from various computer security blogs. Although it is crystal clear that Comcast suffered a serious data breach, the Internet service monopoly refused to acknowledge it to the computing press for several days, and has yet to notify me as a customer, instead opting for what I call Ostrich Syndrome.
In my case, giving some hacker access to my Comcast account is not horrible, because in all the years since Comcast bought its way into the Houston market and became “my” monopoly Internet provider, I have never used their “free” email account for anything. My name and correct home address are attached to the account, about which I am not thrilled, but that’s about it. But lots of Comcasters actually use those accounts, for things such as purchasing pay-per-view content, which means they have credit card information on file. And, as Violet Blue has noted, Comcast allows one to add six additional user logins to one’s account, potentially giving six hackers the ability to charge many hours of dirty cable porn or live boxing matches to one’s credit card which, of course, would suck.
So do what doctors recommend, and sign in to your Comcast account and change your password. This is what Comcast should have told you about six days ago, but their PR department has been too busy trying to cover its huge ass to think about the customers yet. I’m sure they’ll be right on it any month now.
For the curious, it turns out that the hacksters gained access to Comcast servers using a Zimbra mail system exploit that had been publicly reported in December, but Comcast’s IT department never bothered to patch their own servers.
That doesn’t surprise me at all and in fact is typical of cable company behavior. I know, because I went to work for Comcast predecessor Time Warner Cable 15 years ago to help them launch their first broadband Internet service. The head of their Internet division had never used email, so I had to show him how. I was hired to create content for their Internet division web site and, when I pointed out to them that their web servers needed to be set up and secured, they told me they assumed that was my job, even though I had never worked on server-side content or programming in my life. Eventually they hired someone whose main job was to keep the servers secure. That person had never seen a web server before taking the job. Their Internet service call center consisted of a roomful of people with canned answers written on little cards. They could not share a user’s computer screen and walk them through any sort of process, because Time Warner had not provided its own call center with Internet access. And so forth and so on.
That was the system in place when Comcast took over in Houston, and sources who still worked there when the switchover came told me that Comcast ran things with even fewer and less-experienced technical support than Time Warner had.
So remember, you’re on your own, peoples. Be careful out there.