Comcast set mobile pins to "0000," helping attackers steal phone numbers


SOURCE: https://arstechnica.com/information-technology/2019/03/a-comcast-security-flub-helped-attackers-steal-mobile-phone-numbers/
Summary

That means that an attacker who acquired a victim's Comcast account number could easily port the victim's phone number to another carrier.

Comcast told Ars that "less than 30" customers were affected by the problem, that it has implemented a fix, and that the company will eventually roll out a real PIN-based system to further protect customers.

The Post's Geoffrey Fowler reported:

"This is a security hole large enough to drive a truck through," reader Larry Whitted in Lodi, Calif., wrote last week. As a customer of Comcast's Xfinity Mobile phone service, Whitted says someone was able to hijack his phone number, port it to a new account on another network and commit identity fraud.

In addition, customers can further protect their Xfinity account by signing up for multi-factor authentication," Comcast said in a statement provided to Ars.

Comcast's statement also said that "the fraudulent porting of mobile numbers is a well-known industry issue and not unique to Xfinity Mobile." But Comcast could have minimized the risk of attack, even for people using weak account passwords, by requiring customers to choose a unique PIN when signing up for mobile service.

Here's what Comcast said about changes it's made and will make:

We have also implemented a solution that provides additional safeguards around our porting process, and we’re working aggressively towards a PIN-based solution.

So there is no way to port the number out of Simple Mobile without that PIN, even with a police report."

"The exact same thing happened to me," another customer wrote in the forum.

Jim5359 had asked the Comcast customer rep why there wasn't a PIN to prevent the unauthorized number port.

"I was told that Xfinity Mobile does not allow adding a PIN to your number and the PIN is 0000 for all numbers," jim5359 wrote.

As said here by Jon Brodkin