Comcast’s MVNO service, Xfinity Mobile, launched to the public in early 2017. Almost two years later and a bit of bad news has surfaced.
The Washington Post has a quick report that covers several different topics. However, the most interesting one is a customer’s account of Xfinity Mobile security. Or an overall lack thereof, to be specific. One Xfinity Mobile customer, Larry Whitted out of California, had his phone number hijacked by someone else. According to Whitted, Xfinity Mobile doesn’t require customers to set up a unique PIN on their accounts.
Xfinity Mobile inputs a default PIN of “0000” because it doesn’t require customers to change it. As a result of that, the person who hijacked Whitted’s phone number was able to port it to a different account, and then commit fraud. They were even able to use Whitted’s credit card through Samsung Pay and buy a computer from Apple.
Here’s how Comcast describes it:
“We don’t require you to create an account PIN, so you don’t need to provide that information to your new carrier.”
Obtaining additional sensitive information from someone, all based around a stolen phone number, is an easy feat. Especially when a phone number can be all that some folks utilize for a security measure.
As for Comcast’s Xfinity Mobile? The company says that it has already started working on a PIN-based fix for the issue. And it has also implemented new changes behind-the-scenes to make stealing phone numbers more difficult. That being said, it’s ridiculous that this wasn’t already implemented right out of the gate, and the fact that the company used “0000” as the default for all customers is outrageous.
[via The Washington Post]
Like this post? Share it!