Contributor
Posts: 21
Registered: ‎07-18-2008

Comcast email server compromised?

I spent 1/2 an hour yesterday waiting to speak with a security specialist at Comcast regarding the hijacking of my email account. I was also a victim of having my account hacked and my email address book used to send spam.

 

I was told that "many customers" had the same issue, and that Comcast was "investigating".

 

At their request, I completely scanned my computer using several different virus scanners and found no infection. As far as I could determine, the spam emails were NOT sent from my computer.

 

The "Sent Items" folder on my Comcast Webmail account had all the spam emails, so the spam originated from the Comcast email server. In addition, the address book that was used was the online address book I had stored on the Comcast system. It was not the address book on my computer.

 

I changed the password on my Comcast email account and on all my other accounts. The Comcast account was the only email account (I have several) that was compromised.

 

I would like to know the result of the Comcast "investigation." It seems unlikely to me that "many customers" user ID/passwords were compromised all at the same time by "guessing" or keylogging or any other individual computer infection. This appears to me to be a case where the Comcast email system itself was compromised, possibly through a back door of some sort.

 

I would like to know what Comcast is doing to prevent their server from being compromised in this way again. I have lost any kind of trust that the Comcast email server is secure, and that this won't happen again.

Security Expert
LoPhatPhuud
Posts: 2,841
Registered: ‎11-01-2005

Re: Comcast email server compromised?

Question: was the password used for the Smartzone account used anywhere else, especially social media sites?



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

Yes (not any more of course). I think this would only be relevant if this was the case with all the other Comcast customers whose email was hijacked, wouldn't it? And why did all the hijacking occur at about the same time?

Security Expert
LoPhatPhuud
Posts: 2,841
Registered: ‎11-01-2005

Re: Comcast email server compromised?


There is nothing at this time to indicate someone broke into the Comcast servers, so I would not be too hasty to point fingers. If the server was compromised, I would expect to be notified.

 

Using the same password for more than one account is the most likely source. If used on multiple logons, then the risk is compounded. Always use a strong, secure password for each site.

 

The information I have been able to obtain indicates the password was used in more than one place for many of the compromised accounts.

 

None of the malware logs I have reviewed where a web-based email account was hacked have shown keyloggers or password stealers. Most likely the userid and password were obtained through clever social engineering (e.g., links in email, attachments, phishing pages, etc.)

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

Also, none of the other accounts was compromised, as far as I know.

 

I just hope that Comcast keeps us in the loop on determining the probable cause of so many email accounts being hijacked. I would be surprised if they do.

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

Has there been any update on Comcast's investigation into the recent hijacking of many customers' email accounts? In my case, I know that somehow someone got my Comcast User ID and email password. Here's how:

1. My computer is completely clean of any "infection". I have scanned it with multiple malware and virus scanners and I run the Norton Security suite provided by Comcast. I also have a firewall in place. I am virtually certain that my computer is clean.

 

2. The spam emails did not originate from my computer. I know this because I use Outlook and keep a copy of all sent items. The spam emails did not appear in my sent items folder.

 

3. The spam emails originated from the Comcast web mail or the Comcast email server. I know this because the Sent Items folder in the Smartzone WebMail app has all the spam emails. I also know this because the address book I stored online in Smartzone was used to generate the spam emails. This was an old address book and had many dead emails in it. It does not match the address book I maintain on my computer. This means that the hijacker was able to access my address book and send emails using my account information. That means that the hijacker "fooled" Comcast by using both my user ID and my password.

 

4. How did the hijacker get my User ID and password? It was suggested that the hijacker might have obtained these from another site, such as Facebook or another site where the same User ID and password combination was used as for the Comcast email. I think this is unlikely, because:

*The email address and password combination being duplicated would have to be the case for ALL the customers whose Comcast emails were recently hijacked. It seems unlikely that so many customers would have this situation, i.e., subscribe to Facebook and have identical passwords for their Facebook account and for their Comcast email.

*If there was even one customer whose password was not obtained in this way, then it is unlikely that was the method for "many customers" whose accounts were hijacked.

*Another method for obtaining a password such as keylogging or phishing would have to have been used AT THE SAME TIME, because many customers were hijacked at the same time.

 

5. The Comcast email account hijackings occurred over a relatively short period of time and affected many customers. That means that whatever method or methods were used to obtain user ID and passwords were synchronized and occurred en masse. That means that it is more likely that one method was used to hijack all the accounts, than addresses that were obtained randomly through a bunch of different methods.

 

All of these factors make me suspicious that the Comcast email server, or the Plaxo app used for the address book is not secure. Further, it appears that there was a massive security breach that compromised many email accounts, and allowed a hijacker to obtain user names and passwords that provided access to many address books. The spam emails that were sent contained links that, if followed, would validate an address that was stolen from an address book.

 

I look forward to an explanation from Comcast about why this security breach occurred, and what they have done to fix it.

Contributor
daddydriz
Posts: 6
Registered: ‎04-27-2011

Re: Comcast email server compromised?

Comcast's silence is deafening.  Clearly there was a security breach of some sort on Comcast's end. 

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Comcast email server compromised?

I have no idea how you come up with a clear security breach at Comcast.  Clearly you are jumping to conclusions without evidence.  While it is possible such a breach happened, I have heard no such rumor or hints.  However, there have been some other very high profile breaches on other systems, such as the PlayStation Network.  Millions of userids and personal information were stolen, there was also a high profile grab at some 3rd party internet marketing firm (the name escapes me at the moment), etc.  Any could be the source here, and even if they did not exist it would be very simple to take your typical spam list, gather Comcast userids and then start a password crack.  Those with weak and obvious passwords would be the first victims in such a scheme.

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

Why are you so quick to defend Comcast?

 

What it comes down to is that many Comcast customers had their userID/pass broken. Pretty much all at the same time.

 

How do YOU explain that?

Service Expert
Bartleby
Posts: 5,499
Registered: ‎11-10-2003

Re: Comcast email server compromised?


I won't defend Comcast on this one...and really don't see Baric as doing so, myself.  He's interpreting the evidence as he chooses, and pointing out that other possible explanations exist.

 

FWIW, the sort of complaint raised in this thread has been noted several times over the course of quite a while.  So your claim that this has happened "pretty much all at the same time" doesn't jive with the forum record.

 

Don't know how Baric would explain it, but if Comcast account info was compromised, it could have come from a source outside of Comcast.  And we don't have compelling evidence of a Comcast breach, despite your earlier points (I'm responding by the numbers, below):

 

1. Although your computer shows no sign of infection, that's not a compelling argument that your Comcast account login info must have been compromised by a "back door"--or some method of cracking the Comcast servers.  It could easily have come from another site where you had stored that information.  Using the same password for access to multiple sites registered using the same e-mail address is a bad idea.  As has been pointed out.

 

2. No argument on either this point or number 3, in your earlier post.

 

4. I don't see how you can realistically claim that it is unlikely that many Comcast customers may be using another service (facebook, e-bay, etc.) where they had recorded their e-mail address and used the same password as they had registered with Comcast.  Sadly, such practices are commonplace.  People don't want to remember multiple passwords, so they use a "favorite" anywhere they are asked for a password.  And many users don't like using strong passwords that would be resistant to cracking (and hard to remember).  Articles about common passwords are pretty easily obtained on the web.  Also, even if one customer had their information "taken" through some method that didn't involve use of the same password information at multiple sites, it wouldn't negate a security breach elsewhere would it?  I mean, even if I knew that my computer (for example) was infected--and my info stolen as a result--would that mean a major compromise such as that on the PlayStation network didn't matter?  Or that it couldn't have provided login/identity information for a great many Comcast customers?  I don't follow your argument at all on this point.

 

5. Not sure what you consider the "relatively short period of time" involved, as I mentioned.  And even if information was received for many customers at one time (through a source that might well not have been Comcast), that doesn't mean all of the information would immediately be acted upon.  Even if the compromised information were made freely available to the "black hat" community, that doesn't mean every account will be compromised as a result. 

 

I do share your concerns, and have questioned whether use of the Plaxo functions might be a factor for at least some who've reported your issue.  But I suspect there are multiple ways these account breaches have happened.

 

Some customer information may have been compromised from the inside.  We aren't being told if that was the case--and I doubt we ever will, even if it proves to be true.

 

Massive security breaches have been reported recently.  And they affected huge numbers of users of multiple services.  And the breaches were all outside of Comcast's control.  And since the breaches were at multiple services that stored account information on their users, and the breaches were spread over time, each could have resulted in more instances of spamming by masquerading as a customer.

 

If Comcast has discovered vulnerabilities on their side, I trust they will take steps to address them--but doubt we'll ever know what they were.

Security Expert
LoPhatPhuud
Posts: 2,841
Registered: ‎11-01-2005

Re: Comcast email server compromised?


 


harphacker wrote:

What it comes down to is that many Comcast customers had their userID/pass broken. Pretty much all at the same time.


 

 

And that is all you know for certain. Anything beyond that is pure conjecture.  There are several possibilities, only one of which is a Comcast breach. But there is nothing so far to indicate any one had more weight than the other.

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

As far as I'm concerned, the ball is in Comcast's court to explain exactly why this happened, and I'm expecting such an explanation. If my Comcast UID/pass was stolen or somehow breached, that means the hijacker not only got access to my email, they also got access to all my online Comcast account info. This is a serious problem, to me.

 

My computer was not the source of the spam emails. At this time, I've eliminated my computer as the source of my UID/pass theft. I do not respond to phishing emails. The only possibility left is that the hijacker somehow stole my password off another account, and used it to gain access to my Comcast account. I find that unlikely.

 

This happened to many customers, both recently and earlier. It seems to have been happening in waves. However the UID/pass info is getting stolen, it is happening to large groups of customers at more or less the same time.

 

What I have done is forwarded the first spam sent from my account and the last to abuse@comcast.net. I've told them that an unauthorized user had accessed my account during that time, and that whoever was logged on to SmartZone at that time should be identified as having stolen my UID/pass.

 

I want to know how this works out for them, and I want to know what they find out.
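
The check asked for in the post above (which session was logged on to the account while the spam went out, and whether the same source shows up on other accounts), as an added example that is not part of the original thread and is not Comcast's tooling. The log format, account names, addresses and thresholds are all assumptions made for illustration.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample webmail log (not real data). Assumed line formats:
#   <ISO timestamp> LOGIN <account> <source IP>
#   <ISO timestamp> SEND  <account> <recipient count>
SAMPLE_LOG = """\
2011-05-01T08:02:11 LOGIN alice 198.51.100.7
2011-05-01T08:03:40 SEND alice 1
2011-05-09T19:15:02 LOGIN alice 198.51.100.7
2011-05-13T03:11:09 LOGIN alice 203.0.113.50
2011-05-13T03:11:30 SEND alice 48
2011-05-13T03:11:41 SEND alice 52
2011-05-02T12:00:00 LOGIN bob 192.0.2.33
2011-05-13T03:14:55 LOGIN bob 203.0.113.50
2011-05-13T03:15:20 SEND bob 75
2011-05-12T09:00:00 LOGIN carol 192.0.2.90
2011-05-13T09:30:00 LOGIN carol 192.0.2.90
2011-05-13T09:31:00 SEND carol 30
this line is malformed and is skipped
"""

WINDOW = timedelta(minutes=10)   # assumed: sends this soon after login belong to it
BURST_RECIPIENTS = 40            # assumed: recipient total that counts as a spam run


def parse(log_text):
    """Return chronologically sorted (timestamp, kind, account, value) tuples."""
    events = []
    for line in log_text.splitlines():
        parts = line.split()
        if len(parts) != 4 or parts[1] not in ("LOGIN", "SEND"):
            continue  # ignore lines that do not match the assumed format
        try:
            ts = datetime.fromisoformat(parts[0])
        except ValueError:
            continue
        if parts[1] == "SEND" and not parts[3].isdigit():
            continue
        events.append((ts, parts[1], parts[2], parts[3]))
    return sorted(events)


def find_suspicious_sessions(events):
    """Flag logins from an address never seen for that account that are
    followed, within WINDOW, by mail to at least BURST_RECIPIENTS recipients."""
    known_ips = defaultdict(set)   # account -> source IPs seen so far
    current = {}                   # account -> most recent session
    sessions = []
    for ts, kind, account, value in events:
        if kind == "LOGIN":
            session = {
                "account": account,
                "ip": value,
                "start": ts,
                # The first login ever seen only establishes the baseline.
                "new_ip": bool(known_ips[account]) and value not in known_ips[account],
                "recipients": 0,
            }
            # Limitation: once seen, an address is treated as known, so a
            # repeat visit from the same unfamiliar source is not re-flagged.
            known_ips[account].add(value)
            current[account] = session
            sessions.append(session)
        elif account in current and ts - current[account]["start"] <= WINDOW:
            current[account]["recipients"] += int(value)
    return [s for s in sessions
            if s["new_ip"] and s["recipients"] >= BURST_RECIPIENTS]


def shared_sources(suspicious):
    """Group flagged sessions by source IP; keep sources that hit 2+ accounts."""
    by_ip = defaultdict(set)
    for s in suspicious:
        by_ip[s["ip"]].add(s["account"])
    return {ip: sorted(accts) for ip, accts in by_ip.items() if len(accts) > 1}


if __name__ == "__main__":
    flagged = find_suspicious_sessions(parse(SAMPLE_LOG))
    for s in flagged:
        print(s["start"].isoformat(), s["account"], s["ip"], s["recipients"])
    print(shared_sources(flagged))
```

A source address shared across several flagged accounts shows one actor working through a list of valid credentials in a wave; it does not by itself show where those credentials were obtained.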

Contributor
Contributor
Posts: 17
Registered: ‎03-11-2007

Re: Comcast email server compromised?

My Comcast email account had just also been hijacked today.  As with the others, I don't believe my computer has been compromised, as I have always followed best practices in protecting it.  I do believe that someone has gotten to my email credentials through the Comcast server for the same reasons other subscribers have posted here.

Email Expert
CCCarole
Posts: 28,884
Registered: ‎05-21-2006

Re: Comcast email server compromised?

gmt-

If you haven't already, change your password to a strong password consisting of upper & lower case letters, some numbers, and a character or two.  Please check your Sent Folder in Smartzone as well.  Do you see messages there that you did not send?  If so, I would also delete the contacts from the SZ address book.

 

Here is just one post made recently by a Comcast Administrator:  LINK   There are others posted by some of the other Moderators too in other threads that you can search through.  Comcast is aware and working this issue.  There have also been some hacking highly publicized in the news lately- I think the most recent one was with Best Buy.

 



Need Email Help? Please post the following information in your post.
Do you use XfinityConnect? The Full or Lite version?
Do you use an email client? Which one? (Eg; Windows Live mail, Outlook, a smartphone etc.)
Which browser/version do you use? And- have you cleared your browser cache?
Which operating system? XP, Vista, Windows 7, Mac OS X
Details of the problem you are having.




Contributor
Contributor
Posts: 17
Registered: ‎03-11-2007

Re: Comcast email server compromised?


I have already changed my password, but I don't want to delete the few email addresses I have in my SmartZone account.  Those are emails I need to know when I am on the go - which is exactly why someone needs an address book on his/her webmail account.

New Visitor
mikgig
Posts: 1
Registered: ‎05-15-2011

Re: Comcast email server compromised?

I got hit on Friday, 5/13, after my email stayed in the outbox. I was pointed to the url regarding spammers and email account being compromised.

 

http://customer.comcast.com/Pages/FAQViewer.aspx?seoid=VBOB

 

 

 

 

Networking Expert
Baric
Posts: 24,238
Registered: ‎07-28-2003

Re: Comcast email server compromised?

Just out of curiosity, how many of the people having this problem have a Facebook account and have used the friend finder tool on Facebook that asks for your email address and password? 

Contributor
Contributor
Posts: 17
Registered: ‎03-11-2007

Re: Comcast email server compromised?

Nope, I do not use Friend Finder in Facebook at all.  I don't even show my email address to my Facebook friends or to anyone on my Facebook account.

Contributor
contractslady
Posts: 6
Registered: ‎05-16-2011

Re: Comcast email server compromised?

My email account was also hacked this weekend and I know of at least 5 other people who experienced the same problem.   I do not use the same password for other email accounts and I do not use the friend finder on Facebook.

 

Ran virus scan this morning and all is clean.    This is embarrassing the type of spam that is being sent to my friends and colleagues due to this hacker.

 

What can I do now?    What is Comcast going to do to help their loyal customers?

Contributor
daddydriz
Posts: 6
Registered: ‎04-27-2011

Re: Comcast email server compromised?

contractslady--

 

Apparently Comcast is going to do nothing.  There is obviously an issue and I feel we've been left to our own devices.  While the suggestion to change our passwords at comcast.net is obviously wise, it doesn't tell us how our accounts were compromised.  Was there a hack at Comcast?  Facebook?  Some other site we all use?  In any event, I deleted my online address book at smartzone.  It is a pain to type the address every time I want to email from there, but it is better than the embarrassment of spam coming from me. Good luck!

Contributor
contractslady
Posts: 6
Registered: ‎05-16-2011

Re: Comcast email server compromised?

Thanks for the reply.

 

Even if we delete our address books, don't they already have the information?    I don't know much about how this works so any help would be greatly appreciated.

 

Thanks again

Email Expert
CCCarole
Posts: 28,884
Registered: ‎05-21-2006

Re: Comcast email server compromised?

A number of different hackings have taken place in the past month or so. Including Best Buy and Sony as the most recent ones that I can recall.

Please read this post too.  Clickable link







Contributor
daddydriz
Posts: 6
Registered: ‎04-27-2011

Re: Comcast email server compromised?

You're welcome.  I'm not sure how it works, but I haven't had the problem since I did the "fix" that Comcast suggested (address book deleted and password changed). 

 

David

Contributor
contractslady
Posts: 6
Registered: ‎05-16-2011

Re: Comcast email server compromised?

Ok, changed my password already.   The address book deletion will be a complete pain in the *ss.

 

Thanks again

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

I wonder how many of the folks whose email accounts were hacked on this thread used the same password for their comcast email account on another site?

 

I did. I'm fairly certain that my Comcast password and user ID were not stolen from my computer. That means that they were stolen from somewhere else. It could be that the password and user ID were stolen from Comcast or some other unauthorized access occurred.

 

I used the same password on other sites. If another site, possibly with less security, was hacked, and my email address and duplicate password were stolen, it is possible that a hacker could use my email address as a user ID and the stolen password to "try" to log in at Comcast Smartzone.

 

I think the emails that were sent from my account contained a link where the hackers were looking for a click, i.e., does the email that was scraped from this address book go to a live user. If someone clicks on the link, then that email address is validated.

 

It could be that this is part of a large scale email address list scam, where the hackers sell validated email address lists.

 

For me, the lesson here is not to use the same password all over the place.

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

Hi, my guess would be that if you changed your password, you don't need to delete the address book. Just don't use that password anywhere else, ever again.

 

I'm not an expert though, and probably the safest thing to protect your friends is to delete your address book, in case this is an inside job inside Comcast.

Contributor
Contributor
Posts: 17
Registered: ‎03-11-2007

Re: Comcast email server compromised?


@harphacker: I don't think so ... I always use my gmail email account to subscribe to online services. I only use my comcast account to send emails to close friends and family.  For me, I can only think of the Comcast email server as the culprit.

Email Expert
CCCarole
Posts: 28,884
Registered: ‎05-21-2006

Re: Comcast email server compromised?

We have seen this over & over again in forum posts- Users using the same password in multiple places, in addition to using a password that is easy to guess. Hackers/spammers will harvest email addresses if they can.  Selling the lists is a big business for them and it is an ongoing 'fight' against spammers/hacking.

 

FWIW:  A strong password should consist of upper & lower case letters, numbers, and a character or two.

 

Here is a link which also contains information about protecting your PC.  LINK

 

CC







Email Expert
CCCarole
Posts: 28,884
Registered: ‎05-21-2006

Re: Comcast email server compromised?

I have requested that an Administrator reply to this Thread.

CC







Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

FYI, I used and use a strong password. I don't think it was guessed. As I said, it was either stolen from Comcast or from another site.

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

That seems like a pretty conclusive indicator. I assume you checked your computer for viruses, and did not respond to any phishing emails.

 

If you eliminate your computer as being where the breach occurred that allowed your password/userID to be stolen, then it had to have either been guessed or stolen somewhere else. If you have a strong password and didn't use it anywhere else, then that means the Comcast server must have been compromised.

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

Someone checked this as having been solved. For me it is not solved. I want to know what unauthorized user accessed my Smartzone Account, and what is being done to make sure this doesn't happen again. We have at least one user here (Mr. GMT) who eliminated his computer as the source of the breach, has a strong password (eliminating guessing) and didn't use the password anywhere else (not stolen from another site). That means we have one user whose account was breached and there is no way to explain it except that Comcast security was breached.

Email Expert
CCCarole
Posts: 28,884
Registered: ‎05-21-2006

Re: Comcast email server compromised?

I don't see this Thread marked as solved, sometimes a user will mark their post as solved in error too.

But in Message #29, I did say that I have requested an update answer from an Administrator.

 







Official Employee
ComcastJordan
Posts: 788
Registered: ‎03-17-2008

Re: Comcast email server compromised?

Folks,

We have been looking into the issues reported on this thread and at this point it does appear these are isolated cases of account compromise due to UIDs and passwords that were guessed/harvested/collected by spammers.  We have absolutely no indication that this is a breach of Comcast's systems.  Obviously we take such a threat very seriously. 

 

For those that have posted that they have strong passwords and secured wireless networks, I would say it's possible that the password was exposed if used on another site.  If you're still seeing evidence of your account being misused, please change your password and scan for viruses as you normally would.

 

We recognize the concern this issue brings and do not take the matter lightly.  We continue to be vigilant to ensure your data is secure.

Web Page Expert
BethKatz
Posts: 6,198
Registered: ‎11-14-2006

Re: Comcast email server compromised?


Beamer8298 wrote:

I think I have traced my issue to a genealogy rootsweb email and the offender is Plaxo.  Are you familiar with this company?  

If you could let me know how to block this as the emails don't come directly from Plaxo. 

This is the email that started it all and I don't know a Robert Sutton

 


Today's Topics:

   1. Re: Robert Sutton added you as a contact to his Plaxo address
      book 

.......


Beamer8298, I moved your post to less public space because it contained so many email addresses.

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

Since network security is what I do for a living, I think I can say with great certainty that this is not Comcast's fault.   There are many ways your username and password could have been hijacked.   While it is not well known, one of the most common ways is that another machine on your home network could have been compromised (this is why my kids are on a separate subnet despite my having two different firewalls).   There are lots of ethernet sniffers "delivered" as email "payloads".

 

If you use your laptop at an open hotspot (like a bookstore or a coffee shop), unless they use a decent encryption like WEP (and most don't), the person at the table next to you can be capturing your every keystroke.

 

If you have done much travelling, you could have been the victim of someone coming into your hotel room and duplicating your hard drive.   I've had this happen in China and in France (since I knew it was a possibility I had put a specially sanitized drive in before I left the US - and thereby got proof of where the copying was done and when).

 

Depending on how your network vendor is set up, man in the middle attacks are possible where everything you type and everything the network responds is captured.

 

If you have a wireless network in your home, a drive by or a neighbor could be piggybacking on your network and you'd never know it.

 

Many software systems are still shipped with default passwords.   If a bad guy is able to get to one of those, you could be vulnerable without your even being aware of it.

 

I could list dozens of other ways you could have had your password "lifted" but I think you get my point.

 

As a very large service supplier, Comcast has the most to lose if there is a breach which is due to their ineptness.   I've studied their processes and procedures quite closely and find them to be high quality (unbreakable, no, but it would take an NSA level attack probably including physical compromise of one of their trunk cables).   I also have little programs which I randomly disperse to assess all the vendors I work with.   I've never caught Comcast "with their e-pants down".   This is not to say it can't happen but the odds of their being at fault here are extremely low.

 

Yes, you should change your password and do it regularly.   You should never write it down either on a Post-It or in a file on your computer.   You should be very careful when you are using an open network line.   You should protect yourself from the collateral damage of your partner or family being broken into.   You should never open email from an unrecognized source.   You should never "confirm or validate" your account information unless you are ABSOLUTELY certain the request is legitimate.   Most firms (like Comcast, PayPal, Verizon, eBay, etc) offer you ways of making certain you are not being phished.

 

There are lots of bad guys out there.   The best estimate of credit card fraud for 2009 is almost $75 billion.   That is incentive to get even the slimiest of creatures to crawl out of the woodwork running any and all sniffing programs and scripts they can find.   If you doubt my disdain for the mindlessness of these script kiddies, just count how many emails you have received in the last month offering to let you share in a huge sum of money that needs to be "repatriated".   Most people know by now such messages are scams, but just enough don't to make such fraud profitable.

 

You probably got caught in some password trawling operation.   It has happened to everyone, experts included.   Practice "safe computing" and you will minimize the chances of it happening again.

 

Just don't go around publicly blaming any vendor until you have serious forensic proof.   Saying "I did everything right so it must be their fault" simply does not hold water.

Regular Visitor
Posts: 4
Registered: ‎05-14-2007

Re: Comcast email server compromised?

Sorry, I was thinking of this as Comcast help and not a public post forum.  My apologies.  I didn't see anything here in the reply about Plaxo and if you know anything about it?

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

I was really replying to the whole thread where a number of people were slamming Comcast for being the route by which their passwords had been hacked.  You just happened to be at the end of the "conversation".

 

If you want to have the blocking done at the Comcast end, one way that will work, albeit slowly at first is to mark every mail from Plaxo as spam.   The Bayesian filter will learn that you don't like Plaxo and stop delivering it to your in-box.   If it is just a single Plaxo user the same approach will work (maybe) depending on the granularity to which they parse source addresses.

 

If you are reading your Comcast email on a client package (I'll use Apple Mail as an example, but essentially all clients offer comparable capabilities), open one of the offending messages, go into Preferences and then into Rules.  Create a new rule which says "if the sender of the email is" and you should see the offending sender is already loaded in the next field, then "move to trash".   The unwanted mails will still come in but you will not see them.

 

Does that sort of help?

New Visitor
metooo
Posts: 1
Registered: ‎05-20-2011

Re: Comcast email server compromised?

Sorry gang but this is definitely on the Comcast side of the house.  How can I make such a statement? 

 

1.  The contact list used to send the spam was an old list that is stored only on the Comcast server.  Not at home, not in Gmail, not on work Outlook, nowhere else.

 

2.  My password for Comcast email is unique - I use it no wireless

 

3.  I am not a member of Plaxo, Facebook, or other social sites with the exception of LinkedIn, where again my password and login are unique

 

I find it incredibly hard to believe that this seemingly large number of people all fell into the same trap at relatively the same time this past weekend.

 

A note from Comcast acknowledging the incident, suggestions on how to avoid future attacks, potential ways this could have happened is really what should have occurred.  I have changed passwords on virtually all my accounts using different network connections, different computers and different IP addresses to help isolate any further issues should they occur.

 

With predictive analysis Comcast should be seeing patterns and threads that would tell them what I as a customer need to know. 

 

Don't get fooled again -

 

 

Contributor
contractslady
Posts: 6
Registered: ‎05-16-2011

Re: Comcast email server compromised?

Can someone really hack into a personal computer when it is turned off?   Know of 2 people besides myself that were hacked and computers were off all weekend. 

 

Just wondering......

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

I hate to be harsh, but you are getting multiple issues confused.   What I said was that your user name/password was hacked - somewhere, somehow - and gave some scenarios where that could have happened.  Once the bad guys have that, they can log into your Comcast account and do whatever they want.  

 

I am not doubting your description at all. Given the huge number of compromises of systems that have happened in just the last few weeks, the odds are quite good that someone did get one of your usernames and one of your passwords. Once they have a single "entry point" they can follow the bread crumbs to get lots of stuff, including your Comcast contact list. It's really not that hard to do.

 

There is no way that Comcast can detect if someone logging in with your valid username and password is not you.

 

Blaming them for having been hacked directly is both unlikely and extremely difficult to prove.

 

Changing passwords on a regular basis is a good thing to do.   Making the passwords hard to guess helps a little, but not much.   Using an anonymizer and/or single sign on which is housed solely on your laptop/home machine is also a good step.   If someone has compromised your home network or a wireless LAN at a public hotspot they can get your Comcast username/password in a heartbeat if you contact the site from an insecure area.

 

Let's put it another way: if someone steals your wallet and then goes to the bank holding your driver's license, your Visa card, and even some other form of ID - if they look like you do in the ID photos - how is the bank to know they are being fraudulent? Are you going to claim the bank got hacked? No, because complete, consistent credentials were presented to them in order to get your money.

 

There is no question that you got hacked somehow but it is almost impossible to know exactly how it happened. The last numbers I saw claimed that over 100 million Americans had at least their usernames and physical addresses stolen since the beginning of this year. Sony's PlayStation Network was catastrophically hacked and Sony cannot even be sure if charge card information stored with your account was compromised.

 

This is a very complicated area and pointing fingers here does not help.   I have no great love for Comcast for operational reasons, but they do know their security and they execute it quite well - a lot better than some other companies I will not name here.

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

When your computer has no electrical power going through it, it cannot be hacked.  The problem of getting hacked is that you can never be sure when it happened.  I worked on a case where the usernames and passwords were taken last October but the first use didn't appear until March.  Best guess is that the lists got sold and resold until someone thought their tracks were well enough covered to where they could safely be used. In this particular case they were wrong and they are now behind bars but that end result is quite rare.

 

To show you just how complicated this problem is becoming - look at the case of the SecurID from RSA. It was thought to be so strong that the military used it for authorizing certain classes of weapons systems. For those of you who haven't seen one, the ID cards have a display which shows six digits and they change every 60 seconds. You also have to enter a 4 digit PIN which hopefully you will never have written down. The window of vulnerability is tiny - you would have to get the PIN and ID and use it within however little was left of the one minute window. After the window changed, the password had changed and the old one would never work anywhere else. The circuitry of the cards was embedded in epoxy so any attempt to open the card for analysis would destroy the electronics.

 

The server you contact would know, down to the minute, when you got your card and what the initial key was for generating a completely unique series of 6 digit patterns - good for life and only for you.

 

It sure sounded solid - and it was for at least 15-20 years. Within the last six months it was broken and the millions of cards which were supposedly providing perfect security were now worthless. I will not divulge any of the details of the break except on a provable need to know basis but it was due to a set of circumstances which the original designer had never considered.

 

So - if someone stole your physical ID card and somehow got your 4 digit PIN - would it be right or correct to blame Comcast if they relied on your "credentials" when there was no way they could tell they had been broken?

 

So the bottom line in all this is that hundreds to thousands of servers and desktop machines are being hacked and/or spied on every month. Everyone (at least those wearing white hats) is trying their best to protect your information but there are an exploding number of vulnerabilities and the bad guys are getting ever smarter (and there are tons of web sites to teach the dumb ones how to be more clever).

 

I am getting no pleasure or reward for defending Comcast here.  They, like you, are victims of a culture of electronic theft and criminality.   Working collectively we have a chance of possibly stemming the tide eventually, but blaming another victim serves no positive purpose (unless you enjoy venting at an innocent victim).
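As an added illustration (not part of the thread, and not RSA's proprietary algorithm), the sketch below uses the open HOTP/TOTP construction from RFC 4226/6238 to model the token scheme described in the post above: a per-card seed known to the server, a six-digit code that changes every 60 seconds, a PIN, and refusal of a code once its window has been used. The class name, PIN handling and demo values are assumptions.

```python
import hashlib
import hmac
import os
import struct

STEP = 60    # seconds each code is valid, as in the post
DIGITS = 6   # digits shown on the token

def token_code(seed: bytes, unix_time: int) -> str:
    """Open HOTP truncation (RFC 4226) over a time counter; a stand-in, not RSA's algorithm."""
    counter = unix_time // STEP
    mac = hmac.new(seed, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** DIGITS).zfill(DIGITS)

def _pin_hash(pin: str, salt: bytes) -> bytes:
    return hashlib.pbkdf2_hmac("sha256", pin.encode(), salt, 100_000)

class TokenVerifier:
    """Hypothetical server side: stores the seed and a salted PIN hash per user."""

    def __init__(self):
        self._users = {}

    def enroll(self, user: str, seed: bytes, pin: str) -> None:
        salt = os.urandom(16)
        self._users[user] = {"seed": seed, "salt": salt,
                             "pin": _pin_hash(pin, salt), "last": -1}

    def verify(self, user: str, pin: str, code: str, now: int) -> bool:
        rec = self._users.get(user)
        if rec is None:
            return False
        counter = now // STEP
        expected = token_code(rec["seed"], now)
        pin_ok = hmac.compare_digest(rec["pin"], _pin_hash(pin, rec["salt"]))
        code_ok = hmac.compare_digest(code.encode(), expected.encode())
        if not (pin_ok and code_ok) or counter <= rec["last"]:
            return False
        rec["last"] = counter   # a window is accepted once; replays are refused
        return True

# Constructed demo value: the published RFC 4226 test seed.
DEMO_SEED = b"12345678901234567890"
```

Nothing in `verify` can distinguish the legitimate holder from anyone else who presents the right PIN and a code derived from the same seed, which is why the server's seed store is the asset to protect.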

Contributor
Posts: 21
Registered: ‎07-18-2008

Re: Comcast email server compromised?

Hi. I provided Comcast with the dates and times that an unauthorized user had accessed my SmartZone area using a stolen UID/pass. They should have a record of the IP where that login came from, shouldn't they? Wouldn't that lead them to the person that stole my UID/pass?
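The login records mentioned in the post above are the raw material for account-takeover detection on the provider side. As an added example (not part of the thread; the log format, thresholds and sample lines are constructed assumptions, not Comcast's), this flags a webmail login from a network never seen for that account when it is followed within minutes by a burst of outbound recipients:

```python
import ipaddress
from datetime import datetime, timedelta

# Constructed sample log; the line format is an assumption, not Comcast's.
SAMPLE_LOG = """\
2011-05-10T18:02:11 LOGIN user=alice ip=198.51.100.23
2011-05-10T18:05:40 SEND user=alice rcpts=2
2011-05-12T07:44:02 LOGIN user=alice ip=198.51.100.77
2011-05-14T03:12:09 LOGIN user=alice ip=203.0.113.45
2011-05-14T03:12:31 SEND user=alice rcpts=60
2011-05-14T03:12:50 SEND user=alice rcpts=55
2011-05-14T09:00:00 LOGIN user=bob ip=192.0.2.10
2011-05-14T09:01:00 SEND user=bob rcpts=1
"""

WINDOW = timedelta(minutes=10)   # sends this soon after a login are attributed to it
RCPT_THRESHOLD = 50              # recipients in that window that count as a burst

def find_takeovers(log_text):
    """Return (user, ip, recipients) for new-network logins followed by a send burst."""
    known = {}      # user -> set of /24 networks seen on earlier logins
    current = {}    # user -> session dict for that user's most recent login
    sessions = []
    for line in log_text.splitlines():
        if not line.strip():
            continue
        stamp, event, *fields = line.split()
        when = datetime.fromisoformat(stamp)
        kv = dict(f.split("=", 1) for f in fields)
        user = kv["user"]
        if event == "LOGIN":
            net = ipaddress.ip_network(kv["ip"] + "/24", strict=False)
            seen = known.setdefault(user, set())
            is_new = bool(seen) and net not in seen
            if not is_new:
                seen.add(net)   # first-ever or familiar network joins the baseline
            current[user] = {"user": user, "ip": kv["ip"], "at": when,
                             "new": is_new, "rcpts": 0}
            sessions.append(current[user])
        elif event == "SEND" and user in current:
            sess = current[user]
            if when - sess["at"] <= WINDOW:
                sess["rcpts"] += int(kv["rcpts"])
    return [(s["user"], s["ip"], s["rcpts"]) for s in sessions
            if s["new"] and s["rcpts"] >= RCPT_THRESHOLD]
```

On the constructed log this reports only the 03:12 login for `alice`; a login from an open hotspot would still be flagged, although the address alone would not identify who was behind it.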

Contributor
contractslady
Posts: 6
Registered: ‎05-16-2011

Re: Comcast email server compromised?

siliconsadist-

 

Thanks so much for taking the time to provide such a thorough explanation to this non-technical user. Your example of the SecurID was scary at best as I thought this technology to be very secure.

 

Thanks again

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

What you provided them could possibly be quite helpful.  It might not be sufficient if they accessed your account from a public hot spot. I am not aware of any commercial hotspot which gathers the hardware address of your network adapter to where they could confirm a machine identity. Even if they did, there is no national registry of chip IDs which would lead back to the computer's owner.

 

That said, my hat is off to you for providing them with the data you could assemble.  Even the knowledge that there are getting to be more active, knowledgeable users should at least slow down some of the hackers.   We're all in this together.

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

Please don't hesitate to post additional questions or comments. I'll do my best to answer them.  The more we all know, the better we can defend ourselves. One topic I am truly passionate about is the risks when our children have computers which are on our home LANs with the same subnet masks. What that means is if one of their machines gets compromised, it is easy for the bad guys to install an ethernet sniffer which will capture every one of your keystrokes before it ever gets to your firewall or any encryption devices.

 

Furthermore, there is a technique called IP forwarding which causes great risks for our employers if they let you connect to work computers from home.   The way it would work is that someone would open a trojan horse "back door" on your child's computer.   The bad guys would connect to it and everything they type would be funneled to your "trusted" machine and passed into your employer's network with everyone believing that it was you typing and accessing data.   No matter how carefully your employer checked your hardware and IP addresses there is no way for them to detect that it is not your keyboard generating the commands - that they are coming from somewhere else and piggybacking on your being trusted.

 

Regular Visitor
Posts: 1
Registered: ‎01-17-2009

Re: Comcast email server compromised?

I warned Comcast about the possibility of this happening almost a year ago when we still had McAfee and I could trace the routes of port attempts and pings. I warned them that Comcast itself was being used CONSTANTLY as a ping, routing through as many as ten locations before coming through one of their servers and trying to find an unguarded computer. I am not an expert. At the time I had a PC (which I spent so much time keeping safe that it was getting ridiculous). I was running Microsoft's Defender and the parts of ZoneAlarm that I felt I needed so between the info that McAfee provided and these two software parts, I could tell what the different pieces were in Comcast's downloads. I, too, waited forever, was transferred repeatedly, when I questioned a part of one of their downloads that gave Comcast automatic access to my PC (was told it was supposed to be for troubleshooting, but even Microsoft removes that when you are done with them online). I voiced my concerns about all the "bad" guys out there using their servers to ping off of and try and hit customers and they blew me off. I have a Mac now and hardly spent any time on maintenance. BUT THEY TOTALLY BLEW ME OFF. Like I said, I'm no expert, but I have been using Windows since its inception, and I know how to look at patterns. I hope this is not endemic of what is to come. Comcast is not transparent about what they do. And I am already upset about the FCC's director approving Comcast's merger w/NBC and then the director bolting for the newly merged company. Reeks to me. Peace.

Web Page Expert
BethKatz
Posts: 6,198
Registered: ‎11-14-2006

Re: Comcast email server compromised?


lindaclaudine52 wrote:

.... I have a Mac now and hardly spent any time on maintenance....


As a longtime Mac user, I warn you that many of these same attacks are happening. Most malware is Windows-specific in that it runs only on Windows machines. But anything intercepting traffic on your local network is not OS specific. Neither are the ping and port access attempts. So the threat of having other local machines infected could still be a problem.

 

You still need to be careful about what you click on and what software you install.

 

If you aren't already doing so, use a non-admin account on your Mac for normal use.

 

Sorry for the thread hijack, but using a Mac doesn't remove all threats.

 

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

I agree with the above posts. The Mac operating system is pretty secure and the number of viruses which attack it is less than Windows.  Network attacks are system agnostic so vigilance in every direction is warranted.

 

During the last 72 hours I have had a less than pleasant set of exchanges with Comcast.   While they gush phrases about wanting to offer world class customer support their front line technical expertise is nowhere near what it used to be and they do not hesitate to make blatantly wrong statements if it will help to get the customer to just stop bugging them.   It is indeed a shame to see a company which used to pride itself on expertise sink so far.   I am no longer as convinced as I was that they are running their systems securely.

Administrator
ComcastLarry
Posts: 2,070
Registered: ‎05-04-2011

Re: Comcast email server compromised?

Sorry for the late response, but were all your questions answered?

 

Thanks,

 

-ComcastLarry-
