Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

Alas, despite a promise of hearing back promptly, I have heard nothing further.   I'm happy to go into detail (including the emails and a transcript of the chat session), but I would prefer to do it offline rather than in a public forum.

Email Expert
CCCarole
Posts: 28,883
Registered: ‎05-21-2006

Re: Comcast email server compromised?

You can send a Private Message to ComcastLarry.



Need Email Help? Please post the following information in your post.
Do you use XfinityConnect? The Full or Lite version?
Do you use an email client? Which one? (Eg; Windows Live mail, Outlook, a smartphone etc.)
Which browser/version do you use? And- have you cleared your browser cache?
Which operating system? XP, Vista, Windows 7, Mac OS X
Details of the problem you are having.




Official Employee
ComcastJordan
Posts: 788
Registered: ‎03-17-2008

Re: Comcast email server compromised?

Siliconsadist,

If you have not heard from ComcastLarry, you can feel free to PM me and we'll look into the issue further for you.

New Visitor
geokirk
Posts: 4
Registered: ‎05-30-2011

Re: Comcast email server compromised?

I too have been attacked in the exact same manner. Only my on-line email is being used, not my normal PC login through Outlook. Despite deleting all items in the on-line address book, the thief (hacker) harvested and is using the old contacts list, as none now exists. I suspect this is Comcast's Servers that are being used, but I do not know that for a fact. I have not heard anything from them. Since complaining, more emails have been sent out from my on-line email account. I have now changed my password. If any more occur, it would have to be Comcast's servers.

 

Comcast can easily trace not only the IP address that the email came from and probable street address, but also the MAC address of the computer's network card. It is Comcast's job to block that MAC address from gaining access to their/our accounts. It is also their job to provide a level of service that reasonably protects us. I will soon move my email, as Comcast has allowed mine to become trashed with friends.

Regular Visitor
Posts: 4
Registered: ‎05-14-2007

Re: Comcast email server compromised?

Mine was done on the online account also.  Only those contacts were used not the ones from my outlook.

Contributor
Posts: 5
Registered: ‎02-14-2007

Re: Comcast email server compromised?

Exact same problem here.  I normally use gmail but I used SmartZone one time and wouldn't you know it -- immediately the recipient, who happened to be my only SmartZone contact, began receiving a barrage of spam from my account. 

 

  • All of the spam is in my SmartZone sent items folder.  
  • All of the recipients (only one in my case) are in my SmartZone address book.
  • I only use strong passwords (I'm an IT professional with security certs).
  • This password was NOT used elsewhere.
  • My computer definitely does not have a virus.  It is hardened and scanned for viruses regularly.
  • I use a firewall and NAT router.
  • My wireless connection uses WPA2 with AES encryption and a strong passkey.

 
As others have mentioned in this thread, I am suspicious that the breach is occurring on Comcast's servers.  Nothing else makes sense in my case.  Needless to say, I changed my password and I will be clearing out my address book and avoiding SmartZone and my comcast.net email address going forward.

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

It is certainly possible that Comcast's servers were hacked but there are so many other ways that the information could have been purloined that I'm not sure throwing darts at anyone is going to accomplish much.   Just within the last week there were major data thefts at Citibank and at Lockheed Martin.   Both of those companies are well stocked with highly trained, vigilant IT security people and they had a lot more to lose if they were broken into than Comcast does.

 

I'm not trying to downplay the damage you suffered and the inconvenience, but the bad guys are getting ever cleverer and are finding new and unusual ways to break in.

New Visitor
geokirk
Posts: 4
Registered: ‎05-30-2011

Re: Comcast email server compromised?

I think I may have gone directly from Comcast on-line email to a news article. I then selected to send to another. I vaguely recall it asking if I wanted to use my contacts. As I recall the email never got sent and I saw something flash. I could be wrong, but the timing is very close to the event. It is possible that with Comcast open and having my password in, that somehow there is an opening that either uses the Comcast cookie or takes control of Comcast's email.

 

That is my best bet. I rule out it coming from Comcast or any other large database. That Comcast has done zero to address this, says a lot about them.

 

I can get everything Comcast offers me for less with a new cable provider in town. My bill is well over $200 a month (HDTV, DVRs, Phone, Internet). Their competitor is highly rated by Consumer Reports for SERVICE, so I guess it is a simple decision.

 

I hope someone gets them to protect their customers.

New Visitor
Posts: 3
Registered: ‎10-28-2008

Re: Comcast email server compromised?

I have someone sending emails from my comcast account to two ppl in my contact list.  If I change my password to my account will that fix the problem if the issue began with the comcast email server being compromised?  You seem to know a lot about this ...I have other email accounts (not comcast) and this has never happened to me before!

 

Help!

Contributor
Posts: 5
Registered: ‎02-14-2007

Re: Comcast email server compromised?


bew8689 wrote:

I have someone sending emails from my comcast account to two ppl in my contact list.  If I change my password to my account will that fix the problem if the issue began with the comcast email server being compromised?  You seem to know a lot about this ...I have other email accounts (not comcast) and this has never happened to me before!

 

Help!


I assume you are seeing the spam in your SmartZone sent items and nowhere else?  If not, someone could be spoofing your address -- something you have no control over.


In my case spam was sent in batches every few days.  I only changed my password a couple of days ago but so far no spam has been sent.  I'm hopeful it will solve the problem.  If it does, it would seem to indicate that some passwords may have been compromised at a specific point in time, i.e. it isn't active malware on a Comcast server that bypasses authentication.

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

I'm not a gambler, but I would happily bet any of my teenagers that the mail is not actually being sent from your comcast account.    Forging email headers is trivially easy.   Not a day goes by when I don't receive email supposedly sent by me, either to me or to someone else whose spam filter decides to return it to me and tell me I am a "bad boy" for sending it.

 

Whether or not Comcast was actually compromised is unclear.   Within the last week there have been tons of additional personal information thefts.   All you have to do is find out the name of someone you send mail to.   Then the miscreant forges mail which looks like it came from you.   They open it and now they are compromised.   Then if they send anything to you it is very possible that their mail is infected with a trojan "horse" or a self replicating virus.

 

I can say with absolute certainty that the rate of email compromises will only increase.   I have one filter on my comcast address and one on the address I have everything auto forwarded to.   Then I have a mail client pick up the mail from that site.  The client has yet a third filter and I still get almost a dozen spams making it through the three layers of silicon barbed wire.

 

So - it really doesn't matter if it was the Comcast server that got hacked or not.   I have talked with their technical people in great detail.   They know their stuff and they are working really hard to keep everything safe and secure.

 

Let me propose a hypothetical situation (I don't know if it has happened at Comcast but it definitely has at several defense contractors).   The server is behind a really strong, solid firewall.   All the filters are properly defined and self consistent.   All of a sudden a "bot" is discovered on the secure server, causing all kinds of problems for thousands of people.   What happened ???   It is actually simple.   In every organization everyone has a boss.   When the boss sends email, you have to read it (until you open it you don't know if you are being summoned to a meeting, you are being asked for some data, or something else quite legitimate).   In one case I know extremely well, a senior executive's account got hacked so that every email he sent out contained a viral payload.   His company was very careful.   For him to log into a company computer from home he had to authenticate himself with a SecurID card from RSA.   The root cause of the breach was that one of his children's computers had gotten infected with something downloaded from a web site.   That "infection" went and attacked everything on their home network (both parents and all three children had separate computers which, to enable sharing of printers and iTunes libraries, were all on the same subnet).   Dad was careful and ran Norton Anti-Virus on his computer.   Why didn't that pick up the virus - because it didn't come in via a direct communications channel to Dad and in fact Dad was not even logged in when he caught the virus.

 

Sorry to be so long winded about this but I wanted you to see that even the most staunchly defended system can have vulnerabilities which were either unforeseeable and/or unstoppable without truly draconian efforts.   If Dad had been a serious technical system administrator (and had money to burn), he could have set up a cascade of firewalls such that each machine was on its own subnet but could perform an authenticated SSL tunnel to a computer which spooled all the print jobs.   It would have been even more complicated to protect iTunes.   No-one in their right mind would go to that effort.   What I have done at home is I have a second physical network for my kids.   It comes in on a DSL line.  They have their own printers and I have a secure proxy machine which synchronizes my iTunes library with theirs (I send stuff to theirs but I never accept anything back).   This machine is outside my three (yes, three) home firewalls.  

 

Breaking my system would be very hard to do, but I don't kid myself that it is impossible.  Too many people know me so that any hacker would get broad bragging rights if they could prove they had stolen MY address book.  Obviously I try hard to keep that from happening.

New Visitor
geokirk
Posts: 4
Registered: ‎05-30-2011

Re: Comcast email server compromised?

Yes, changing your password works!

 

New Visitor
Posts: 3
Registered: ‎10-28-2008

Re: Comcast email server compromised?

yes, i am seeing the spam in only my sent file and nowhere else.....so changing the password might solve that problem?

New Visitor
Posts: 3
Registered: ‎10-28-2008

Re: Comcast email server compromised?

I have to admit that your response was so long that i just skimmed it.

 

the reason i think it is a comcast problem is that i only have 2 email addresses in my comcast "address" book...cuz i never use it...don't know how those got there...

 

and the spam is sent only from my account to those two specific email addresses..

 

 

Contributor
Posts: 5
Registered: ‎02-14-2007

Re: Comcast email server compromised?


siliconsadist wrote:

I'm not a gambler, but I would happily bet any of my teenagers that the mail is not actually being sent from your comcast account.    Forging email headers is trivially easy.   Not a day goes by when I don't receive email supposedly sent by me, either to me or to someone else whose spam filter decides to return it to me and tell me I am a "bad boy" for sending it.

 




What you are talking about is called email spoofing and I agree, it is very easy to do and there is nothing you can do if someone else's computer is compromised and your email is harvested from their contact list.

 

This specific problem however is different.  The emails originate from SmartZone accounts.  The evidence is in the recipient headers and the spam messages are only found in the SmartZone sent items folder.  In addition, the spam is only sent to SmartZone address book entries.  There is no question SmartZone accounts are being hacked, probably by some kind of bot based on the consistent behavior people are reporting.  What isn't clear is how account credentials have been compromised.  There is some speculation here that another party's site was hacked and email account credentials were exposed.  Others have reported that their passwords were strong and not used on other sites which would seem to indicate the credentials were exposed within Comcast.
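Added example (not part of any post in this thread): one way a recipient can check the headers to tell the two cases discussed above apart, a forged From address versus mail that really went through the sender's provider. It assumes the recipient's own server stamps an RFC 8601 `Authentication-Results` header; the authserv-id `mx.recipient.example`, the domains and the three messages are constructed for illustration.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Hypothetical authserv-id of the recipient's own mail server. Only headers
# stamped by this server are trusted; anything else may have been supplied
# by whoever sent the message.
TRUSTED_AUTHSERV = "mx.recipient.example"

# Constructed sample: forged From address, delivered from an unrelated host.
SPOOFED = """\
Authentication-Results: mx.recipient.example;
 spf=fail smtp.mailfrom=sender@isp.example; dkim=none
From: Sender <sender@isp.example>
To: friend@recipient.example
Subject: check this out

body
"""

# Constructed sample: submitted through the provider's own outbound servers.
VIA_PROVIDER = """\
Authentication-Results: mx.recipient.example;
 spf=pass smtp.mailfrom=sender@isp.example;
 dkim=pass header.d=isp.example
From: Sender <sender@isp.example>
To: friend@recipient.example
Subject: check this out

body
"""

# Constructed sample: a planted "pass" header from an untrusted authserv-id
# next to the real (failing) result from the recipient's server.
PLANTED = """\
Authentication-Results: mx.recipient.example; spf=softfail smtp.mailfrom=sender@isp.example
Authentication-Results: mx.elsewhere.example; spf=pass smtp.mailfrom=sender@isp.example
From: Sender <sender@isp.example>
To: friend@recipient.example
Subject: check this out

body
"""


def classify(raw, trusted=TRUSTED_AUTHSERV):
    """Return 'sent-via-provider', 'likely-spoofed' or 'no-trusted-result'."""
    msg = message_from_string(raw)
    from_domain = parseaddr(msg.get("From", ""))[1].rpartition("@")[2].lower()
    saw_trusted = False
    for value in msg.get_all("Authentication-Results", []):
        authserv, _, rest = value.partition(";")
        tokens = authserv.split()
        if not tokens or tokens[0].lower() != trusted:
            continue  # not written by our own server: ignore it entirely
        saw_trusted = True
        for _method, result, props in re.findall(r"\b(spf|dkim)=(\w+)([^;]*)", rest):
            m = re.search(r"(?:smtp\.mailfrom|header\.d)=([^\s;]+)", props)
            domain = m.group(1).rpartition("@")[2].lower() if m else ""
            # Strict alignment only: the authenticated domain must equal the
            # From domain (relaxed organizational-domain matching is omitted).
            if result == "pass" and domain == from_domain:
                return "sent-via-provider"
    return "likely-spoofed" if saw_trusted else "no-trusted-result"
```

A `sent-via-provider` verdict together with a copy in the webmail sent folder points to misuse of the account itself, where changing the password is the right response; `likely-spoofed` means the account was not needed to send the message, so a password change will not stop it.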

Contributor
Posts: 5
Registered: ‎02-14-2007

Re: Comcast email server compromised?


bew8689 wrote:

yes, i am seeing the spam in only my sent file and nowhere else.....so changing the password might solve that problem?


I would do it right away. Don't use one that you have used on other sites.

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

Comcast is using Zimbra as the mail server software.   As best I can tell from poking around, the software is pretty solid and it has been configured properly.

 

Just for the fun of it I ran a test on the mail client on my Android phone.   In order to get my mail from Comcast I had to enter my username and password with a secure boundary vaguely reminiscent of a piece of tissue paper.   I have the ability to send mail from my phone and have it look like it came directly from Comcast.   I am not saying that Comcast was not hacked but it would not be too hard to have messages from a miscreant show up in the sent folder of the hackee....

 

Everyone needs to be as vigilant as they can.   It doesn't matter who actually shot JR, we all have to work together and slow down the hackers as much as we can.

 

Absolutely - changing passwords can help.   It's not clear for how long but it is never wrong to change them often (and if you have a single sign-on program on your laptop you might be doing all this for naught... as that could get compromised).

Security Expert
LoPhatPhuud
Posts: 2,829
Registered: ‎11-01-2005

Re: Comcast email server compromised?

I am not negating any possibility, but what strikes me as odd is the fact that the number of compromised accounts is extremely small, based on what we see here.  If Comcast's servers had been hacked,  I would have expected to see a far greater number of compromised accounts reported here. Remember, Comcast has ~12M customers with internet and all have a Smartzone account. Also of interest is the  fact that only Smartzone accounts with address books have been used.

 

Keeping that last thought in mind, let's look at a plausible scenario.

 

I go to a social media site I belong to. Up pops a dialog asking if I want to notify my friends that I now have an account with ABC Social Media Site. The dialog asks for my username and password to the email account containing the address book I want to use.  It does not matter how strong your password is, when you give someone the keys to it.

 

Again, this is just one example of how accounts can be compromised.

 

 

 

Speaking of strong passwords: check out the table I posted in the "How strong is your password" topic I posted at the top of this forum.



"Once I talked to the inmates of an insane asylum in Hartford. I have talked to idiots a thousand times, but only once to the insane..."
Mark Twain

Microsoft MVP, Consumer Security, 2005-2014
New Visitor
geokirk
Posts: 4
Registered: ‎05-30-2011

Re: Comcast email server compromised?

I have to agree with you. I am still checking to see how it was grabbed.

 

It may be possible to hijack the account only when on-line (not Outlook) with Comcast's "+ add address" feature, since the password is active. I followed one route using my deleted email folder items. I followed one where I clicked on "email my friends", it dropped a list of my previously deleted Comcast on-line address book entries stored by http://www.gigya.com/

 

However, the list was missing a couple of additional people who got spammed. I cleared the old list they had. So it was not them.


Using something similar and more sophisticated to their technique to obtain one's address list is possible. And being logged in to Comcast with cookies active, it might be possible to hijack one's Comcast cookie. Then later use it with a computer programmatically changing its cookies for Comcast, and supply the list they saved (this was what they did, as I deleted the list and they still continued). So far, that is the closest I can come.

 

I hope someone figures out this mystery.

New Visitor
rgawron
Posts: 1
Registered: ‎07-06-2011

Re: Comcast email server compromised?

I too have recently experienced issues where unwanted email was sent from my online Comcast account (zimbra).  Couple of observations from the 2 incidents:

 

 

1) I inadvertently selected "remember me" when accessing my email account.

 

2) both times when the unwanted email was sent to everyone in my address book, I had recently accessed www.4info.net.

 

comcast uid/pwsd and 4info uid/pswd are different.

 

I've used 4info.com plenty of times before but cannot help focus that the site has hidden malware payload.

 

I'm drawing conclusions that some malware/etc is setup to use hack/compromise zimbra.  just do not have enough evidence yet to be conclusive...

 

 

-end-

New Visitor
Mattacus
Posts: 2
Registered: ‎08-10-2011

Re: Comcast email server compromised?

I don't see the benefit in covering up the RSA hack at all.  The more people that know how it was done, the safer they will be.  In short, somebody opened an email attachment that they shouldn't have.  Let that be a lesson to all of us! 

 

The more extensive version played out like this...

 

A cybercriminal, (hacker is something different in my opinion) found a zero day vulnerability in Adobe Flash (which has since been patched to my knowledge).  Zero day refers to the fact that Adobe didn't know about the vulnerability yet, and could not therefore patch it. The hacker knew about it, but nobody else.  You have zero days to prepare for it. Get it?

 

So this criminal (from China btw) made an Excel spreadsheet file with that vulnerability contained inside it (we're talking inside the coding of the file, not like you could see it on a spreadsheet).  He then phished with it, or sent it to several RSA employees (who according to RSA were most likely receptionists etc.) hoping one of them would open it, thereby firing off the exploit.  Well, it worked.  Some poor soul opened the file and it immediately began sending information about RSA computer infrastructure to the cybercriminal.  He/she then used that information to tunnel in to RSA and ruin everyone's day, and RSA's reputation.

 

The moral of the story is, be VERY careful opening email attachments.

 

New Visitor
Mattacus
Posts: 2
Registered: ‎08-10-2011

Re: Comcast email server compromised?

I also want to add that I'm having some difficulty with Comcast's Smart Zone email on several levels.  First, admittedly, my father was not using a strong password for his Comcast email account.  It wasn't exactly weak either (not like "love" or "pass" or any of that garbage), but then he also used it for other accounts, again, a weakness.

 

Well, somehow someone got ahold of his login and began sending spam emails to everyone in his smart zone contact list.  I have a feeling it was a BOT because it would happen for 30 minutes, cover maybe 60 contacts, and then stop.  Highly automated.

 

So, I changed his password once to something a little stronger, and it happened again.  This got me concerned.  At that point I began running every spyware, malware, and virus check I could think of.  His computer was using Microsoft Security Essentials (which I still recommend) and Spybot SD, but I went ahead and ran SuperAntiSpyware, Malware Bytes Antimalware, and the like.  Some things seemed to come up, which I wasn't happy about, but at least they were found and dealt with.  After that, the full scans came back clear.  At that point I uninstalled all previous security software and installed Comcast's version of Norton and the toolbar, mostly so I could tell them I had already taken those steps when they would ask over the phone, and they WILL ask.

 

So, I changed my father's password to a STRONG password, as strong as Comcast will let you make it with the limit of 16 characters.  We're talking around 90bit here.  I wish I could make it longer, but that's Comcast's error, not mine.

 

Well, my father went to log in today and could not get into his account.  I'm hoping he was just typing it incorrectly (like I said, it's a STRONG password), but when I tried to type it, I couldn't get in either.  So I reset the password and noticed that the security question had not been changed, which, I found strange.  If I were going to hijack someone's email, I would change that so they couldn't get back in.  Anyway, I reset the password to that strong password again, and then installed KeePass so my dad wouldn't have to type it out, thereby negating user error if possible.  Should he not be able to get in again, I will be turning a wary eye at Comcast.  

 

Let's face it, cross scripting attacks, SQL injections, all that nasty stuff is out there and we don't know how hardened Comcast or any corporation for that matter is.  I learned that the hard way with Sony.  I hope this is the end of it, but if not, I'll be back on soon enough with more details.

Contributor
Posts: 15
Registered: ‎10-11-2006

Re: Comcast email server compromised?

System compromises are happening more and more often.   I just had one of my email accounts hijacked by someone from China.   How he got the password I will never know (it was on Yahoo).   I may be complicit to some degree as just a day before Yahoo asked me (yet again) to update to their newest mail system.   Not thinking, I did so.   Shortly thereafter I received a notice asking me for permission to synchronize contacts.   What Yahoo did was synchronize with my address book on my desktop machine.  I should have stopped and thought it thru but I did a knee jerk "yes".   To make a long story short, they got my password and sent out 300 emails in the next 20 seconds.   I changed my password and so far they have not come back so either they are newbies or cyber-zombies who will rise from the dead yet again.

New Visitor
djais1
Posts: 1
Registered: ‎07-01-2010

Re: Comcast email server compromised?

The exact same thing happened to me. I tried to login to my comcast email and received a notice that my password had been compromised. I checked my email account today and 2 more unauthorized email accounts had been added...even after I changed my password. Basically Comcast stated that the unauthorized email accounts were added on a specific date (when I was on vacation and my home security was activated) by a remote user. Okay, I did not authorize ANYONE to add these email accounts and I am the only person authorized to make changes to my account. Comcast is checking to see if my computer has a virus that Norton Antivirus software did not catch...we'll see.

Email Expert
CCCarole
Posts: 28,883
Registered: ‎05-21-2006

Re: Comcast email server compromised?

Information about Passwords:  The article contains great information too.

 

Here is a good article which describes ways that passwords can get compromised.  The best way to stay secure is to use a strong password unique to every online service you use and change it every so often.  

 

Some points to stress ...

-Comcast uses several security measures to protect against brute force attacks, a little too detailed to go into here.

-We store password values using a salted SHA algorithm.  This value is hashed after combining the email address and the cleartext password.  This means that a hash is stored which cannot be decrypted, but only used as a comparison when a login attempt is made.  This ensures that even if someone were to gain access to our secure system, they still couldn't access the clear text value of the password and therefore not be able to login. 

-We provide antivirus programs for free that should be used to prevent viruses and other attacks on our users' computers.

 

There is another type of attack that is not in the article because it technically has nothing to do with your actual account.  This happens when someone finds a valid email address and uses it to spoof messages to several people.  Sometimes this appears to be a hacking of an account when in fact the actual account has never been compromised.



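Added example (not part of the post above, and not Comcast's code): the storage scheme the post describes, a hash over the email address combined with the cleartext password that is only ever compared at login, next to a per-user random salt with a slow key-derivation function. The post does not say which SHA variant is used or how the two values are combined; SHA-256 over a simple concatenation is an assumption here, as are all function names.

```python
import hashlib
import hmac
import os

# --- Scheme as described in the post (details assumed, see lead-in) --------

def described_hash(email: str, password: str) -> str:
    # Assumption: SHA-256 over lower-cased email + password. The email acts
    # as the salt, so two users with the same password get different hashes,
    # but the same user re-using a password always gets the same hash.
    return hashlib.sha256((email.lower() + password).encode()).hexdigest()


def described_verify(email: str, password: str, stored: str) -> bool:
    # Login check: recompute and compare; nothing is ever "decrypted".
    return hmac.compare_digest(described_hash(email, password), stored)


# --- Hardened variant: random salt + deliberately slow KDF -----------------

ITERATIONS = 600_000  # work factor; raises the cost of every offline guess


def kdf_store(password: str) -> str:
    salt = os.urandom(16)  # fresh random salt for every stored password
    dk = hashlib.pbkdf2_hmac("sha256", password.encode(), salt, ITERATIONS)
    # Keep algorithm, work factor and salt with the hash so that the
    # parameters can be raised later without breaking old records.
    return f"pbkdf2_sha256${ITERATIONS}${salt.hex()}${dk.hex()}"


def kdf_verify(password: str, record: str) -> bool:
    _algo, iters, salt_hex, dk_hex = record.split("$")
    dk = hashlib.pbkdf2_hmac(
        "sha256", password.encode(), bytes.fromhex(salt_hex), int(iters)
    )
    return hmac.compare_digest(dk.hex(), dk_hex)


if __name__ == "__main__":
    # Constructed sample credentials.
    rec = described_hash("user@isp.example", "correct horse battery staple")
    print(described_verify("user@isp.example", "correct horse battery staple", rec))
    print(kdf_verify("correct horse battery staple",
                     kdf_store("correct horse battery staple")))
```

Both forms keep the cleartext out of the database; the difference is how expensive each guess is for someone holding a stolen copy of the hashes, and neither helps when the password itself is handed to a third party.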