
Change your passwords: Comcast hushes, minimizes serious hack - 6cxs2hd6
http://www.zdnet.com/change-your-passwords-comcast-hushes-minimizes-serious-hack-7000026118/
======
pmorici
I really dislike Comcast I wish there was a viable competitor for Internet in
my area.

~~~
mcpherrinm
Really? I am new to the US but I have been really happy with my Comcast. Self
install was easy and quick, billing has always worked out fine, and while not
super affordable, 50mbit is the fastest internet I've ever had at home. IPv6
too!

~~~
e40
Wait until you need something fixed. I'm in a residential neighborhood and
have their Business service (faster response, higher speeds, more expensive).
I'm often the first one to report a problem. What kills me is that 99% of the
time it's not anywhere near my modem, but they insist on sending someone to my
location before they'll even do a traceroute and see where the real problem
is.

I usually just keep calling until someone knows what traceroute is. Then, I
plead with them to run it before making me do all the things I already did
("Please power cycle the modem" ... and wait several minutes).

And, I haven't even gotten to when they started charging me $10/mo for the
router, when they told me it was included in the service. Their reason? It's
not required equipment. But it is. I have a static IP and I have to use their
modem. However, I didn't find this out until I bought two different modems at
the suggestion of different CSRs. Thankfully I bought them from Amazon and
didn't have to pay a restocking fee or postage.

So, yeah, when it works and you're in the first year, it's all good.
Otherwise, they suck ass.

~~~
lesterbuck
When I was considering switching from very slow DSL to Comcast in 2010, I
looked at the Comcast business class contract for my home office. OMG that is
a bad contract. You can get free or reduced installation charges for longer
contract terms, but if you stop using the service during the term (e.g., you
move), you still owe Comcast for 75% of the charges you would have paid for
the entire term. Here is that clause:

"Termination Charges: Charges that may be imposed by Comcast if, prior to the
end of the applicable Service Term (a)Comcast terminates Services for cause or
(b) Customer terminates Services without cause. Termination Charges with
respect to each terminated Service Order shall equal, in addition to all
amounts payable by Customer in accordance with Section 5.3, seventy-five
percent (75%) of the remaining monthly fees that would have been payable by
Customer under the Service Order if the Services described in the Service
Order had been provided until the end of the Service Term. In the event the
Agreement is terminated as herein described during the initial Service Term,
Termination Charges shall also include one hundred percent (100%) of any
amount paid by Comcast in connection with Custom Installation, as that term is
defined in Section 2.6, for the Services provided by Comcast under the Service
Order."

This and some other weird clauses totally freaked me out for business class. I
backed off and ended up getting normal consumer class, and then relayed
anything needing a static IP off a $15/yr VPS. That has worked out really well
and I am a happy Comcast customer, which is a pleasant surprise for me.
(Fingers crossed!)

------
josefresco
It's impossible for me to change my Comcast password ... let me explain. I
have a "custom" email address for my Comcast account. I have never used the
Comcast provided email or login (customer for 10+ years). Many years ago when
I signed up I managed to setup my own email and have used it ever since.

Fast forward 5 years and I'm attempting to authenticate an iPad TV app with my
Comcast account and I have a brain freeze on my password. I attempt a reset
and it doesn't' work. I try again, and again, from differing machines and
finally call. Long story short they have no record of my email and can't reset
the password. My only option is to revert to the Comcast supplied email which
I have never used and don't even know.

Luckily I remembered my password and was able to simply move on but was
shocked that there was simply no official way for me to retrieve or reset my
password yet I have an account that still works (even for billing)

~~~
dec0dedab0de
Support will reset your password if you verify your information with them. I
just had to do this for my mom so she could watch the Olympics on her ipad.

~~~
josefresco
I tried (via telephone) and they basically told me it was impossible, they had
no record of my email in their system. This could have been simply incompetent
support, however as I successfully guessed my old password I didn't feel like
wasting another hour explaining my situation to a new rep with a small
likelihood of solving or even improving my situation.

------
colinbartlett
I haven't been a Comcast subscriber in years, but I wonder if my credentials
from ages ago could have been compromised?

~~~
erichurkman
Set them up with a unique password; then, even when this situation repeats,
you'll only have exposed your Comcast account (likely not that important).

------
rikacomet
Apparently they did more. On 8th Feb, I had these two IP addresses checking
out my who.is page.

64.246.165.10

216.145.14.142

I was certainly only curious, because it was a unpublished website with deny-
all for all robots., so tried a reverse-ip using Who.is; To my surprise, the
who.is page for the above two I.P. didn't load, thought it was maybe my
connection, but then, when I used Whois.net to end up with the same result, I
knew something was going on.

It was only after I googled the I.P address I found some dutch reverse I.P
sites that said it was from comcast servers. Though I have nothing worth
hiding, and it was just a testing ground for me, this was apparently not nice.
I only got to know about the hack yesterday.

Perhaps they bulk collected data, using comcast servers?

~~~
dangrossman
Those IPs have nothing to do with Comcast; they're not owned, hosted by or
routed through Comcast. They both resolve to whois.sc -- a whois lookup site;
indexing whois records is what they do.

    
    
        # nslookup 64.246.165.10
        10.165.246.64.in-addr.arpa      name = www.whois.sc.
    
        # nslookup 216.145.14.142
        142.14.145.216.in-addr.arpa     name = www.whois.sc.

------
TrainedMonkey
Can someone confirm exposure level? From article it seems only comcast email
and forum servers were hacked.

Comcast user here, wondering if I need to change comcast account password.

~~~
thezilch
Just do it; assume the worst; save yourself real trouble.

~~~
sxates
I have comcast, but have no idea what my account credentials are. I have never
logged in to anything for them...

~~~
AH4oFVbPT4f8
[https://login.comcast.net/myaccount/lookup](https://login.comcast.net/myaccount/lookup)

Use that with your service location to get your username and from there do a
password reset.

------
GabrielF00
Free HBOGO for everyone!

