Comcast put Xfinity Mobile users in danger of being hacked with the world's worst PIN

You may want to think twice before buying the Galaxy S10 from Xfinity

Xfinity Mobile can be a great alternative to the nation's big four carriers when looking for a place to buy a new iPhone or a high-end Samsung handset. That includes the Galaxy S10, S10+, and S10e, all of which are still eligible for massive savings in the form of free $250 Visa prepaid cards at the Comcast-owned MVNO (mobile virtual network operator).

But as recently discovered by a number of existing Xfinity Mobile subscribers, the 2017-launched wireless service is shockingly open to security vulnerabilities. Seemingly taking a page out of Kanye West's risible device protection playbook, the carrier provides all user accounts with the same "0000" PIN default rather than locking every phone number behind a unique code. That's actually even worse than Kanye's notoriously bad iPhone authentication method, which had a few extra zeroes thrown in for good measure the last time the rapper visited the White House.

Due to Comcast's negligence, one Washington Post reader claims his Xfinity Mobile phone number was hijacked, switched to a new account on a different network, and used for the unauthorized purchase of an Apple computer. The payment was purportedly charged to the victim's own credit card, which somehow remained linked to the account created by the fraudster with another wireless service provider.

For its part, Comcast claims this horrifying affair was made possible by previous security breaches unrelated to Comcast, in which a password belonging to the same user may have been revealed. In other words, the cable giant is not completely at fault here, although to its credit, it's admitting partial blame for this incident and a few others impacting a "very small number of customers."

Going forward, a unique "PIN-based solution" will be implemented to better protect Xfinity Mobile customers from such easy hacks. That's all well and good, but how could a tech company of Comcast's sheer size ever think "0000" was an acceptable way to secure mobile accounts?


3 Comments

1. TheOracle1

Posts: 2340; Member since: May 04, 2015

How is Comcast to blame here? Just about every new account for many things has a generic pin like that and you're instructed to change it immediately on activation.

2. pimpin83z

Posts: 595; Member since: Feb 08, 2019

This has got to be bad for all 13 Xfinity mobile subscribers.

3. Reybanz88

Posts: 101; Member since: Jul 28, 2016

Lmmfao
