DataBreaches.Net

Menu
  • About
  • Breach Notification Laws
  • Privacy Policy
  • Transparency Report
Menu

Hacker claims Comcast breach linked to unpatched Zimbra vulnerability noted by NullCrew

Posted on November 12, 2015 by Dissent

There’s a new claim in the Comcast breach first reported by Steve Ragan. Darren Pauli reports that a hacker claiming responsibility for the breach notes that it was NullCrew’s hack and taunting of Comcast in 2014 that set the stage for the theft of hundreds of thousands of users’ information. Well, that and Comcast’s failure to have patched promptly when a fix for the vulnerability had been issued prior to the hack.  And of course, storing passwords in plain text didn’t help.

The hacker, using the handle “Orion,” reportedly told The Register:

“So in 2013 December the f****s at NullCrew came across an exploit for Zimbra which Comcast used at this domain *****.comcast.net ,” Orion says.

“NullCrew only got [about] 27k emails with no passwords lol while I got 800k with only 590k users with plaintext passwords.”

The Zimbra vulnerability that NullCrew allegedly exploited, CVE-2013-70911, had been disclosed in December, 2013, and a fix was already available prior to the hack.

The Comcast hack was first disclosed on Twitter in February, 2014, as I had reported here. At the time, Comcast did not seem to respond immediately to the claimed hack, and Violet Blue noted that the lack of immediate response might have consequences:

During that 24 hours, Comcast stayed silent, and the veritable “keys to the kingdom” sat out in the open internet, ripe for the taking by any malicious entity with a little know-how around mail servers and selling or exploiting customer data.

Comcast customers have not been not told to reset their passwords. But they should.

Violet Blue’s comments seem spot on, as Orion claims to have taken advantage during the period that Comcast did not respond to the February 6 announcement by NullCrew. And unlike NullCrew, who seemed more interested in embarrassing companies and making a point instead of actually stealing tons of data and misusing it for commercial gain, Orion may have had a different intent.

Whether “Orion’s” disclosure and claims pose additional problems for Timothy French, now in federal prison awaiting trial for his hacking activities with NullCrew, remains to be seen, but the claims call into question Comcast’s statement that they were not responsible for the breach and that perhaps their customers had downloaded malware from somewhere. If Orion’s claims are accurate, Comcast would appear more responsible for failure to fix the Zimbra vulnerability and failure to respond faster when NullCrew taunted them and then started posting some data to show that they had access.

So yes, Comcast may not have had a recent hack/breach of their system that accounts for a lot of the stale data for sale, but they may have been more responsible than they have acknowledged so far.

No related posts.

Category: Business Sector

Post navigation

← Oz railway lets newspaper photograph train keys
Q3 2015 Data Breach QuickView Report – A Record Breaking Year in the Making →

Now more than ever

"Stand with Ukraine:" above raised hands. The illustration is in blue and yellow, the colors of Ukraine's flag.

Search

Browse by Categories

Recent Posts

  • Air Force Employee Pleads Guilty to Conspiracy to Disclose Unlawfully Classified National Defense Information
  • UK police arrest four in connection with M&S, Co-op and Harrods cyberattacks (1)
  • At U.S. request, France jails Russian basketball player Daniil Kasatkin on suspicion of ransomware conspiracy
  • Avantic Medical Lab hacked; patient data leaked by Everest Group
  • Integrated Oncology Network victim of phishing attack; multiple locations affected (2)
  • HHS’ Office for Civil Rights Settles HIPAA Privacy and Security Rule Investigation with Deer Oaks Behavioral Health for $225k and a Corrective Action Plan
  • HB1127 Explained: North Dakota’s New InfoSec Requirements for Financial Corporations
  • Credit reports among personal data of 190,000 breached, put for sale on Dark Web; IT vendor fined
  • Five youths arrested on suspicion of phishing
  • Russia Jailed Hacker Who Worked for Ukrainian Intelligence to Launch Cyberattacks on Critical Infrastructure

No, You Can’t Buy a Post or an Interview

This site does not accept sponsored posts or link-back arrangements. Inquiries about either are ignored.

And despite what some trolls may try to claim: DataBreaches has never accepted even one dime to interview or report on anyone. Nor will DataBreaches ever pay anyone for data or to interview them.

Want to Get Our RSS Feed?

Grab it here:

https://databreaches.net/feed/

RSS Recent Posts on PogoWasRight.org

  • How to Build on Washington’s “My Health, My Data” Act
  • Department of Justice Subpoenas Doctors and Clinics Involved in Performing Transgender Medical Procedures on Children
  • Google Settles Privacy Class Action Over Period Tracking App
  • ICE Is Searching a Massive Insurance and Medical Bill Database to Find Deportation Targets
  • Franklin, Tennessee Resident Sentenced to 30 Months in Federal Prison on Multiple Cyber Stalking Charges
  • On July 7, Gemini AI will access your WhatsApp and more. Learn how to disable it on Android.
  • German court awards Facebook user €5,000 for data protection violations

Have a News Tip?

Email: Tips[at]DataBreaches.net

Signal: +1 516-776-7756

Contact Me

Email: info[at]databreaches.net

Mastodon: Infosec.Exchange/@PogoWasRight

Signal: +1 516-776-7756

DMCA Concern: dmca[at]databreaches.net
© 2009 – 2025 DataBreaches.net and DataBreaches LLC. All rights reserved.