Xfinity Mobile Left Customers Vulnerable To Hackers With 0000 Default PIN
Comcast wanted to make it easier for customers to transfer a device to a new carrier. They do not prompt customers to punch in a unique PIN when the customer creates a new account; Instead, they decided that “0000” would be the default PIN for all customers.
This plan has quickly backfired. Xfinity Mobile customer Larry Whitted of California reported to the Washington Post that an identity thief had been able to access Whitted’s phone number and credit card number. The thief then used Whited’s credit card number to purchase a new Apple computer in another state. Other Xfinity Mobile customers have also complained that their phone numbers have been hijacked.
Comcast has responded that they, “have already implemented an authentication solution that provides additional safeguards around our porting process, and we're working aggressively towards a PIN-based solution.” They urge customers to create unique passwords and use multi-factor authentication. Unfortunately these security measures will be useless if the user’s number and information have already been compromised.
Xfinity Mobile is a mobile virtual network operator (MVNO) service that relies on the Verizon Wireless network and is only available to Comcast customers. Xfinity Mobile launched in 2017 and boasted 1.2 million subscribers at the end of 2018. The service has sadly already encountered a number of issues during its short lifetime.
This past summer, Comcast revealed that video streaming for the service was capped at 480p and hotspot tethering reduced to 600 Kbps, even if the customer was paying for “unlimited data”. Comcast argued that they were trying to help users save money and encouraged them to upgrade to their “By the Gig” option. Many customers felt cheated out of services that should have been free with their plan.
Please never rely on a default PIN for security. Let’s hope that Comcast does away with such a silly policy and focuses on security over convenience.