CYBERSECURITY: Comcast set Xfinity Mobile PINs to ‘0000’ by default, leaving customers vulnerable to hacks.

via theverge:

Comcast left customers of its Xfinity Mobile phone service vulnerable to hacks and identify theft by setting the default PIN codes of its accounts to “0000,” making it easy for malicious third parties to steal customers’ identities. The vulnerability was pointed out by one user who wrote in to The Washington Post to describe “a tech horror story,” which Comcast then confirmed.

The hacked user, from California, told the Post he had his phone number hijacked and transferred to a new account, with his credit card still attached to the new phone. The hacker then used the card to buy a new Apple computer in Georgia. If the PIN sounds familiar, that might be because Kanye West made headlines for setting his iPhone X password to 000000 — not a great look for any standard tech user or hip-hop mogul, but an even worse one for the IT department of a enormous telecommunications company servicing tens of millions of people.

There’s no excuse for this kind of thing in 2019, or even 2009.



h/t SG