February 10, 2014, 11:14 AM — Last week, hacktivist group NullCrew claimed to hack Comcast, the largest ISP in the US. You might have missed this event, as Comcast is essentially sweeping the issue under the rug, but nevertheless, if you're one of Comcast's millions of subscribers, you should change your password.
A statement from Comcast says the company does not believe (or have any evidence) that customer information was stolen in the attack. On February 6th, however, NullCrew posted on Pastebin the alleged details of at least 34 Comcast mail servers--with a link to the root file for the vulnerability it used to hack the servers. The Pastebin page was available for 24 hours, during which Comcast said nothing.
While it doesn't appear user passwords were exposed, the vulnerability was public for that day (a vulnerability, by the way, that was disclosed and fixed by other companies in December 2013).
Even if you don't use Comcast's email service, the master email account used for all Comcast services is vulnerable--and the account contains credit card and other sensitive data.
ZDNet's Violet Blue recommends changing all your passwords connected to your Comcast account, as well as non-Comcast accounts where you use the same or similar password.
I know that most people would rather clean the toilet than change their passwords, but you know that safe > sorry.
Read more of Melanie Pinola’s Tech IT Out blog and follow the latest IT news at ITworld. Follow Melanie on Twitter at @melaniepinola. For the latest IT news, analysis and how-tos, follow ITworld on Twitter and Facebook.