A hacking group calling itself NullCrew FTS compromised at least 34 servers belonging to Comcast yesterday. The group took to Twitter to announce that it had successfully hacked the largest cable company and home Internet service provider in the United States. Yesterday the group also posted a Pastebin document containing leaked information as proof, but it has since been removed.
According to the hacking group, all hacked servers fell victim to a single exploit. “Fun Fact: 34 Comcast mail servers are victims to one exploit”, the group tweeted yesterday.
The compromised mail servers apparently run Zimbra, a groupware email server, whose Lightweight Directory Access Protocol (LDAP) service contained a local file inclusion (LFI) vulnerability that the hackers were able to exploit to gain access to credentials and passwords.
If you haven't heard of an LFI vulnerability before, it occurs when user-supplied input is used without proper validation, and allows a hacker to include a local file, usually through a script on the web server. This can lead to code execution on the web server, sensitive information disclosure, DDoS attacks, and more.
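The validation gap described above, shown as an added example that is not from the article or from Zimbra's code: a file lookup that joins user input to a base directory unchecked, beside a hardened version that canonicalises the path and rejects anything outside that directory. The directory layout, file names and function names are hypothetical, and this illustrates the general LFI pattern, not the specific Zimbra flaw.

```python
import os
import tempfile

def resolve_naive(base_dir, user_value):
    """Vulnerable pattern: user input is joined to the base path unchecked."""
    return os.path.join(base_dir, user_value)

def resolve_safe(base_dir, user_value):
    """Hardened pattern: canonicalise, then require the result to stay in base_dir."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_value))
    if os.path.commonpath([base, candidate]) != base:
        raise ValueError("path escapes base directory")
    if not os.path.isfile(candidate):
        raise ValueError("not a regular file")
    return candidate

def demo():
    """Build a constructed directory tree and compare both resolvers.

    Returns {label: (naive_escapes_base, safe_allows)} for each input.
    """
    results = {}
    with tempfile.TemporaryDirectory() as root:
        templates = os.path.join(root, "templates")   # files the app means to serve
        os.mkdir(templates)
        with open(os.path.join(templates, "welcome.txt"), "w") as f:
            f.write("hello")
        secret = os.path.join(root, "app.conf")       # constructed secret, outside base
        with open(secret, "w") as f:
            f.write("ldap_password=EXAMPLE-ONLY")
        base_real = os.path.realpath(templates) + os.sep
        inputs = {"welcome.txt": "welcome.txt",
                  "../app.conf": "../app.conf",
                  "<absolute>": secret}               # absolute path replaces the base
        for label, value in inputs.items():
            naive = os.path.realpath(resolve_naive(templates, value))
            naive_escapes = not naive.startswith(base_real)
            try:
                resolve_safe(templates, value)
                safe_allows = True
            except ValueError:
                safe_allows = False
            results[label] = (naive_escapes, safe_allows)
    return results

if __name__ == "__main__":
    for label, (escapes, allowed) in demo().items():
        print(f"{label!r}: naive escapes base={escapes}, safe allows={allowed}")
```

The check runs after `realpath`, so relative segments, absolute paths and symlinks are all resolved before the containment comparison.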
Comcast ISP users can access services like payment information, account creation, e-mail settings, and more, through a master account, which is enabled by default, and can be accessed through Zimbra webmail. If you are one of those who use the same password across different online services, you should immediately change it.
NullCrew has claimed to have hacked some big names over the years, including Sony, PayPal, Orange Telecom, Ford, and more.