Comcast home page hacked

Comcast's Web portal has been hacked, leaving some subscribers unable to access their e-mail.

A company spokeswoman confirmed that the Comcast Web page had been hacked late on Wednesday. Subscribers who tried to access the site to check e-mail or access the company's official forums were greeted with this text instead:

The hackers apparently changed Comcast's registrar account at Network Solutions, which altered the DNS servers that were used to direct Comcast.net requests. In other words, the hackers essentially redirected traffic destined for the URL Comcast.net. Instead, the traffic went to IP addresses in Germany and elsewhere, reported the blog Broadband Reports.

Comcast has stopped the traffic from being redirected to bogus servers, but users were still having trouble accessing the page as of 11:30 a.m. EDT. The reason is that it could take hours for the redirected traffic to propagate through DNS servers throughout the Internet.

So far there is no indication that any of Comcast's customers' personal or private information has been jeopardized. But the incident serves as a reminder of how vulnerable users of Web e-mail can be. Security experts recommend that users change their passwords frequently. Ideally, people should change them once a week. If that seems too difficult, changing passwords once a month is still better than nothing. Experts also warn not to use birthdates, pet names or even family names as passwords. Instead, use mixed up letters and numbers.

[fafafooey]

The article doesn't make sense. In paragraph 1 it says "Comcast's Web portal has been hacked". Then in paragraph 3 it says "The hackers apparently changed Comcast's registrar account at Network Solutions".

So which was it? Did they hack Comcast's portal or did they hack Network Solutions?

[The_Decider]

@fafafooey

CNET writers don't have enough technical knowlege to make such obvious distinctions. Either that or hacking a web site and DNS poisoning are the same thing.

[zeroplane]

Comcast
It's Craptastic!

[The_Decider]

Eh? How is this the fault of Comcast since they didn't get hacked?

[badasscat]

"So far there is no indication that any of Comcast's customers' personal or private information has been jeopardized."

Well, duh. The DNS routing was changed, nothing was actually hacked. It would be like if I went out and changed the routing of the road in front of your house one day so it curved off to the left before it got you home. Would you be saying "oh my gosh, I'd better check my locks!"?

Nobody's password was compromised, and that whole last paragraph up there was just unnecessary and misleading.

[HAT4RACK]

My first thought was also "duh" about personal information not being at risk. Since traffiic was simply redirected, then existing data on real comcast sites was not affected. But if the hackers first setup a real looking comcast.net, then put some data gathering code on that fake site, and THEN redirected traffic, unsuspecting users would likely end up providing usernames and passwords to the fake site. Granted, the only websites I've created are piddly FrontPage sites, and I am NO security expert, but the risk seems plausible.

[tekwiz4u]

How did they gain access to Network Solutions and change the DNS information? If they didn't change a password, which they constantly tell us to do, then its funny how this happened to them.

[RompStar_420]

Well, this isn't the first time that a DNS record has been hacked and traffic re-directed. This means that the way record registration works is flawed and needs to be addresses and fixed.

[jrm125]

I know this is wrong to say...but...good. I hate comcast.

[um-m]

your an idiot

[hawkeyeaz1]

HAT4RACK has it right: if the DNS poisoners had thought of it, they could have had a thriving phising scheme for at least a few hours before anyone noticed, and they could have obtained hundreds or thousands of logins, and thus they could have mined a lot of information (email contents, Comcast service info, possibly credit card #s, etc).

[The_Decider]

I am sure they thought of it, but didn't have such nefarious intensions.

[hawkeyeaz1]

They could have also put up a phoney alert saying customers shoudl download a certain file "for security" or "better performance" due to upcomming "network upgrades" and infected customers and had more/larger botnets.

[Rob_mc_1]

It is still possible to have data at risk because we dont know if mail.comcast.net was redirected as well in the dns poisoning. Any mail cleint may have tried to authenticate with a fake mail server and failed mean while the dummy server may collect that data. the home page wouldn't matter if a person just looks at the mail client and not webmail. 1000's of user names and passwords may already be stolen.

[Lerianis]

It didn't effect the mail server, as far as I know. I have a Comcast mail account, and as far as I can tell, it was working correctly while their homepage was not working correctly.
At first, I thought it was a problem on MY END, until I went to a forum and saw that a bunch of other people were having the same problem I was.

[Listen2MP3]

What about all the e-mail to the comcast.net domain. Was that all redirected to email servers not under adminstrative control of Comcast?

[abbottpark]

I agree this needs to be investigated. We need some answers from Comcast.

[JonathanPDX]

Hunt them down and cancel their internet access...permanently.

[Laughing.Man]

I find it slighly funny no one has really noted that it wasnt Crapcast that got hacked but Network Solutions.

[The_Decider]

I see you didn't read many responses

[Frogbugz]

Classic DNS poisoning not a hack! C'mon CNet!

[Emilio2000]

It appears Comcast is having trouble fixing this. It is now 6 pm on Thrusday evening (May 29) on the West Coast (or 9 pm on the East coast), and I still can't send any eamil to Comcast subscribers. All emails bounce back with a message saying the email address is "unroutable". I have tried emailing about 3 dozen Comcast customers, and they are all unroutable.

By my estimate, it is now almost 24 hours that Comcast customers have been without reliable email service.

The worst part is that these people are probably not even aware that they are not receiving any email. They are probably wondering why there is still no news from me.

[Lerianis]

Uh..... Comcast people can get e-mail all over the country. If your things are bouncing back 'unroutable' then there is a bigger problem on your end.

[igl00lgi]

I had a flash back to 1998 after reading this. Thought I was seeing a CNN "expert" talking about something internet related.

[ushiokun]

Actually, as of 8:50 PM on Thursday, I still cannot access www.comcast.net. So the Comcast customers are not wondering why there is no email, but they are frustrated not to be able to access the Comcast Webmail.

[josh-wood]

I am a comcast employee, IP support.....Network solutions got hacked not us