
Comcast set Xfinity Mobile PINs to '0000' by default

Comcast left its Xfinity Mobile phone service vulnerable to hacks and identity theft by setting the default PIN codes of its accounts to "0000," making it easy for malicious third parties to steal customers' identities. The Washington Post described "a tech horror story," which Comcast then confirmed.

The hacked user, from California, told the Post he had his phone number hijacked and transferred to a new account, with his credit card still attached to the new phone. The hacker then used the card to buy a new Apple computer in Georgia. If the PIN sounds familiar, this might be because of Kanye West's iPhone X password of 000000, which is not a great look for any standard tech user or hip-hop mogul, but even worse for the IT department of an enormous telecommunications company servicing tens of millions of people.

Xfinity Mobile customers have their numbers stolen, as well as a password. For those unfamiliar with Xfinity Mobile, it's a service that piggybacks off Verizon's network but complements it using Wi-Fi hotspots scattered around the country. As a result, it typically has lower-cost data plans, although the company has recently been placing restrictions on mobile data usage to try to curb high-bandwidth video viewing.

On Xfinity forums, one user said his number was said to be with another carrier that Comcast had no control over. Another user pointed out that two-factor authentication would not help in this case, as it would not prevent a hacker from porting out the number.

"We're aware of a very small number of customers affected by this issue, but even having a customer impacted by this is one too many," a Comcast spokesperson tells The Verge. The company said it was "working aggressively towards a PIN-based solution." It's reaching out to a customer. The Xfinity Mobile account number, which may have been exposed as the result of other unrelated data breaches.

Still, Comcast does not really explain why 0000 was the default PIN to begin with. It's advising users to use strong, unique passwords and enable multifactor authentication, but both measures only help if the company gives users the ability to set unique, strong PINs from the outset.

Disclosure: Comcast is an investor in Vox Media, The Verge's parent company.
