NullCrew claims hack of Comcast mail servers

The hacker collective known as NullCrew has been busy. After making some waves with their hack of a Bell Canada subdomain operated by a third-party supplier, the group just announced a hack involving Comcast.

As it did with Bell, the @NullCrew_FTS account on Twitter gave advance notice that they would be announcing the hack today:

And more specifically:

That was at 2:59 pm ET. By then, of course, the damage had already been done. The hackers directed some other tweets at @ComcastMelissa which she did not seem to appreciate as a serious warning, because she didn’t respond. At one point, I even tweeted to the hackers:

but still no response from Comcast.

The taunts/teases continued:

And:

The link to the data dump was posted shortly thereafter.

The data dump, which DataBreaches.net will not link to, includes a list of over 30 Comcast mail servers and details of the exploit. Each of the mail servers “run on something called, ‘Zimbra,’” NullCrew writes, “and are vulnerable to LFi” (local file inclusion vulnerability), “and you know what LFi can lead to, right?” Even to my untrained eye, this doesn’t look good as it looks like they’ve included passwords.

NullCrew did not dump any customer data in the paste.

So what will Comcast have to say about all this? I’ve emailed them for a statement and also asked whether they had trained staff to escalate alerts of security attacks. I’ll update this post or start a new post if and when I get a response.

About the author: Dissent
