Comcast: No Evidence That Personal Sub Info Obtained By Mail Server Hack

Comcast said it is investigating a claim by a hacker group that claims to have broken into a batch of the MSO’ email servers, but believes that no personal subscriber data was obtained as a result.

“We’re aware of the situation and are aggressively investigating it,” a Comcast spokesman said.  “We take our customers’ privacy and security very seriously and we currently have no evidence to suggest any personal customer information was obtained in this incident.”

Earlier this week, a hacker group called the NullCrew FTS claimed that 34 Comcast mail servers are vulnerable to one local file inclusion vulnerability exploit, and was used to nab Lightweight Directory Access Protocol  (LDAP) passwords and MySQL credentials. The group boasted about the hack on Twitter with a link to a Pastebin document containing the data (the data has since been removed).

NullCrew also took to Twitter to urge Comcast to “[f]ix the vulnerabilities in your mail servers before we pwn them…”

NullCrew also took credit for a data breach at Bell Canada that exposed more than 22,000 usernames, passwords and some credit card data, according to Threatpost.