Please disable your adblock and script blockers to view this page

Comcast set mobile pins to ?0000,? helping attackers steal phone numbers

Xfinity Mobile
Verizon Wireless
Comcast Wi-Fi
Washington Post
Samsung Pay
the Apple Store
Xfinity community
Xfinity Mobile numbers?"Jim5359
CNMN Collection WIRED Media Group
Condé Nast

Jon Brodkin
Geoffrey Fowler
Larry Whitted
Simple Mobile
Ars Technica Addendum



No matching tags


No matching tags

Positivity     33.00%   
   Negativity   67.00%
The New York Times
Write a review: Ars Technica

That means that an attacker who acquired a victim's Comcast account number could easily port the victim's phone number to another carrier.Comcast told Ars that "less than 30" customers were affected by the problem, that it has implemented a fix, and that the company will eventually roll out a real PIN-based system to further protect customers. The Post's Geoffrey Fowler reported:"This is a security hole large enough to drive a truck through," reader Larry Whitted in Lodi, Calif., wrote last week.As a customer of Comcast's Xfinity Mobile phone service, Whitted says someone was able to hijack his phone number, port it to a new account on another network and commit identity fraud. In addition, customers can further protect their Xfinity account by signing up for multi-factor authentication," Comcast said in a statement provided to Ars.Comcast's statement also said that "the fraudulent porting of mobile numbers is a well-known industry issue and not unique to Xfinity Mobile." But Comcast could have minimized the risk of attack, even for people using weak account passwords, by requiring customers to choose a unique PIN when signing up for mobile service.Here's what Comcast said about changes it's made and will make:We have also implemented a solution that provides additional safeguards around our porting process, and we’re working aggressively towards a PIN-based solution. So there is no way to port the number out of Simple Mobile without that PIN, even with a police report.""The exact same thing happened to me," another customer wrote in the forum.Jim5359 had asked the Comcast customer rep why there wasn't a PIN to prevent the unauthorized number port."I was told that Xfinity Mobile does not allow adding a PIN to your number and the PIN is 0000 for all numbers," jim5359 wrote.

As said here by Jon Brodkin