Another one from the Face Palm Files: Comcast's use of default PINs left its wireless customers open to simple account takeover hacks.
Naked Security has the explanation:
In 2017, Comcast launched Xfinity Mobile: a wireless service that runs on Verizon wireless and Comcast’s own Wi-Fi hotspots.
To make it easy for customers to port their existing phone numbers over from other carriers, the company used a shortcut: no PINs needed. Oh, except for one default PIN of “0000,” that is, which made it super simple for crooks to hijack people’s phone numbers.
The glaring security gaffe came to light after multiple customers reported that their numbers had been ported without authorization, that the hijackers had switched the numbers to their own accounts, and that the crooks then carried out identity theft.
One of the ripped-off customers wrote to a Washington Post columnist who addresses readers’ tech problems.