Xfinity Mobile PINs were left as '0000' by default
In the cases where fraudsters got access to people's data, they went wild.
Comcast is a media and telecoms conglomerate that made close to $28 billion in the last three months of 2018. You would think that a company of that size, and wealth, would be able to avoid a security blunder akin to making all default passwords "password." Alas, according to The Washington Post, the company allowed its customers Xfinity Mobile accounts to be hijacked because the default PIN was... "0000."
Apparently, Comcast has allowed several of its customer accounts to be hijacked in this manner, allowing fraudsters to ratchet up a sizable credit card bill. The report explains that Comcast doesn't prompt users to create a unique PIN, which it apparently does to make people's lives easier. When reporters contacted the company, it said that it was working on a fix for the PIN-based solution.
In a statement sent to Engadget, a Comcast representative said that "We have already implemented a solution that provides additional safeguards around our porting process, and we're working aggressively towards a PIN-based solution."
As usual, the advice to everyone is to not reuse passwords, keep things switched up on the regular and make sure critical accounts are secure. And hope that Comcast can afford to hire someone who knows a thing or two about passwords, like any pre-schooler who built their own pillow fort.
Updated March 1st, 8:43 to include statement from Comcast.
