Comcast put Xfinity Mobile users in danger of being hacked with the world's worst PIN
You may want to think twice before buying the Galaxy S10 from Xfinity
Xfinity Mobile can be a great alternative to the nation's big four carriers when looking for a place to buy a new iPhone or a high-end Samsung handset. That includes the Galaxy S10, S10+, and S10e, all of which are still eligible for massive savings in the form of free $250 Visa prepaid cards at the Comcast-owned MVNO (mobile virtual network operator).
But as recently discovered by a number of existing Xfinity Mobile subscribers, the 2017-launched wireless service is shockingly open to security vulnerabilities. Seemingly taking a page out of Kanye West's risible device protection playbook, the carrier provides all user accounts with the same "0000" PIN default rather than locking every phone number behind a unique code. That's actually even worse than Kanye's notoriously bad iPhone authentication method, which had a few extra zeroes thrown in for good measure the last time the rapper visited the White House.
Due to Comcast's negligence, one Washington Post reader claims his Xfinity Mobile phone number was hijacked, switched to a new account on a different network, and used for the unauthorized purchase of an Apple computer. The payment was purportedly charged to the victim's own credit card, which somehow remained linked to the account created by the fraudster with another wireless service provider.
For its part, Comcast claims this horrifying affair was made possible by previous, non-Comcast related breaches of security, where a password belonging to the same user may have been revealed. In other words, the cable giant is not completely at fault here, although to its credit, it's admitting partial blame for this incident and a few others impacting a "very small number of customers."
Going forward, a unique "PIN-based solution" will be implemented to better protect Xfinity Mobile customers from such easy hacks. That's all well and good, but how could a tech company of Comcast's sheer size ever think "0000" was an acceptable way to secure mobile accounts?