There are some farm-stores in my area where you can by eggs, milk, butter, cheese and other items on a similar principle. You go in, get what you need and throw the money in a box (can not take it out again though). They are unmanned, open 24x7 and seem to work pretty well. Prices are good because you mostly buy what they produce (or very local stuff), the farmers get a bigger share of the end-user price and the goods dont travel far.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Comcast Used '0000' as Default PIN for Xfinity Mobile Customers, Leaving Them Vulnerable to Hacking
- Thread starter MacRumors
- Start date
- Sort by reaction score
There are some farm-stores in my area where you can by eggs, milk, butter, cheese and other items on a similar principle. You go in, get what you need and throw the money in a box (can not take it out again though). They are unmanned, open 24x7 and seem to work pretty well. Prices are good because you mostly buy what they produce (or very local stuff), the farmers get a bigger share of the end-user price and the goods dont travel far.
Are the people really any different? Your security was always dependent on the integrity of your neighbors. It's just that now, thanks to the Internet, your neighbors are everyone on the planet. A thief doesn't have to walk into your bank to steal your money, they can access it from the other side of the world.
don't worry. you'll never be compromised again when you're worth that much. In fact, most companies will opt to stop storing data about you at all and we'll finally have the privacy we all deserve.
We still have one of these in my small midwest town. Also, it's not uncommon to see fruit\veggie stands along the highway with just a money box.
I really think any company spreading this type of information should be held accountable as well. Now all hackers and criminals know about this and have a window to use it while Comcast develops a solution. This puts consumers at greater risk than helping. Non tech people may never see an article like this, but crooks will.
Update: Called Xfinity Mobile. They stopped automated phone number transfers. If one wants to transfer an Xfinity number, now requires a one on one with a special Xfinity department. The pin no longer an avaiable option until the system updated. From what I gathered, system update in some form of beta testing.
I gave them a bit of tough love about Security today. Essentially saying Security is not an after thought. Get your **** together.
I'm sure the call center worker who has zero say about corporate security policy really appreciated your "tough love".
Idiots are still sending me emails for someone who lives in the US (I don't). I've asked them repeatedly to contact their customer to get the right email address as I don't want his bills or other personal email.
Every single one falls on deaf ears, so if I was ever unfortunate enough to migrate to Murica, I'd certainly be steering well clear of Comcast and their appalling attitude to user data security.
Every single one falls on deaf ears, so if I was ever unfortunate enough to migrate to Murica, I'd certainly be steering well clear of Comcast and their appalling attitude to user data security.
Dishonesty is now prevalent. No accountability for anyone's actions. People can blatantly lie straight up and no one bats an eye lid. And its not going to get any better anytime soon. If the president of the united states does it on a DAILY basis, what kind of example is that to set to the future generations?
[doublepost=1551451957][/doublepost]
Yes I see many of those too in the UK middle of nowhere.
Exactly the words I was thinking. Comcast are a bunch of schmucks.
Actually he was very agreeable. Noted my concerns and provided information on what current solutions are available.
You are incorrect, these frontline folks are the ears of a company. They have meetings, reports, the documents of the call, that are passed on to the folks who do have the authority. They inform management of not only the data but the level of concern. Very important job that gets things done.
To your point, I make sure my tough love clearly directed at the company not the person on the phone. Even though technically they are the company as a representative.
I don't understand in this day and age why doesn't every company put digital security higher on the priority list. I mean come on that's simply mismanagement. The thing is nobody ever holds them accountable. It's like we all say "oh well I still gonna use them"
If I read the original article correctly this Comcast PIN is the equivalent to AT&T's "security passcode", which is not enabled by default either, so other carriers are no better. I assume Verizon and T-Mobile have something similar.
Maybe I need to shove off this glacier and head west before it melts and pushes me in the direction of the Midwest anyway (if I'm lucky and don't get ushered down the Delaware or Susquehanna river system to the Atlantic Ocean).
I don't mean to imply there are no honest people left, only that sometimes it seems like even "trust but verify" has gone by the boards. At least around here it's true that the few remaining storekeeps may have a bell that rings when the exterior door is opened, but it's not like you have to ring a buzzer and be admitted by a corresponding buzz that releases the latch after they eyeball you via a cam. On some town roads the box and make-yer-own-change are out there sometimes, but they're long gone from stands on county highways. It's possible this trend has accelerated in the era of opiod abuse amongst rural residents living within 10 or 15 miles of a town, particularly college towns that draw both students and so at least middleman drug-selling operations from NYC. Drug-seeking behavior and raids on gloveboxes of cars and toolboxes of pickups have risen somewhat around the western Catskills in the past ten years.
Well and we hardly have a choice when it comes to phone and net service. One provider I know of still prints the customer account's PIN number on the statements it issues every month. Why not paint it on my car windshield while they're at it. I deal with them online but this is a rural area and a lot of people still get their phone bills delivered roadside to easy-open mailboxes.
When Comcast installed wireless Internet service at my neighbor's house, they set the Wi-Fi password to her phone number. That way they didn't have to ask her to pick a password herself. As a result, I know every other Comcast customer's default Wi-Fi password too, as long as I know their phone number.
It's the same inattention to security that leaves the least tech-savvy customers vulnerable.
It's the same inattention to security that leaves the least tech-savvy customers vulnerable.
That's rather odd given that routers from providers typically already have their own passwords associated with their WiFi networks (usually listed on them directly and/or associated with customer account information available to the customer) and those are the ones that are used, unless the customer would decide to change it themselves.
Last edited:
Perhaps they thought that changing from the default Wi-Fi password of the router to one that's specific to the customer was a good idea, which it was.
The mistake was changing it to public customer-specific information rather than private customer-specific information, without asking the customer if they wanted a different password, or even telling them to consider the issue.
Isn't this the same story you could claim SIM cards do as well ? Somehow it could be related. but the only exception there would be "its the users fault they never changed it" on a bigger scale. problem.
I guess it becomes more important when its account-issue for hundreds, than a sim-card issue for the same amount
I guess it becomes more important when its account-issue for hundreds, than a sim-card issue for the same amount
This is not about PINs for your account billing or an account password. This is a special PIN exclusively required to make changes to your wireless service. Most people don’t know this PIN exists until they want to port their number to another carrier, or to add or replace their phone on iPhone launch day only to discover that apple.com won’t let them add or replace an existing phone without that PIN.
That said, I can assure you that things are plenty backwards in the US when it comes to wireless carriers.
As a member of the class action lawsuit against Target, let me tell you how that actually plays out, you know, in the real world:
- Out of a $10 million total class action settlement, I received $20 for costs and lost time related to replacing my cards, and only then because I was able to document my time. Out of 20 hours spent on the phone with Wells Fargo (who initially believed I had given out my PIN because retailers weren’t supposed to be able to save that information), I was paid $10 an hour, for a maximum of two hours.
- The remaining 40 million victims unable to document their time received whatever was left out of the above $10 million. Pennies.
- The class action law firm/its partners pocketed $6.75 million.
- In a separate lawsuit, the banks got $39 million, to cover some fraction of their losses. (Wells Fargo eventually reimbursed me for the fraudulent charges, usually they eat all of those losses).
- Visa and MasterCard got an “undisclosed” settlement amount from yet another lawsuit.
- 47 states got $18.5 million from another lawsuit, which they naturally pocketed.
And G4DPII thought our wireless carriers were backwards!
member of the class action lawsuit against Target, let me tell you how that actually plays out, you know, in the real world:
So before anybody thinks a class-action lawsuit is going to make them rich, only the lawyers get rich. They negotiate some small pittance for the plaintiffs (coupon for $10 off a future purchase, credit for $3 off your next bill, etc.) which most people won’t bother to redeem, and then take 2/3 of that “settlement” as a fee for their efforts.
- Out of a $10 million total class action settlement, I received $20 for costs and lost time related to replacing my cards, and only then because I was able to document my time. Out of 20 hours spent on the phone with Wells Fargo (who initially believed I had given out my PIN because retailers weren’t supposed to be able to save that information), I was paid $10 an hour, for a maximum of two hours.
- The remaining 40 million victims unable to document their time received whatever was left out of the above $10 million. Pennies.
- The class action law firm/its partners pocketed $6.75 million.
- In a separate lawsuit, the banks got $39 million, to cover some fraction of their losses. (Wells Fargo eventually reimbursed me for the fraudulent charges, usually they eat all of those losses).
- Visa and MasterCard got an “undisclosed” settlement amount from yet another lawsuit.
- 47 states got $18.5 million from another lawsuit, which they naturally pocketed.
And G4DPII thought our wireless carriers were backwards!
I'm not talking about a Class Action Lawsuit. I'm talking about the FTC fining any company that mis-handles user data. If companies want to collect every time we fart, sneeze, sleep or walk to the store, they should be required to protect it against hackers and incompetence or receive a fine of 1 million dollar per person's data that is compromised. The fine won't actually end up being 1 million dollars but my guarantee here as a nobody is that if the fine was a million bucks per person (not a class action lawsuit), I know for sure that data breaches would become a thing of the past. When you're on the hook for a billion dollars by keeping data stored in plain text on an S3 bucket or not using SSL, suddenly you'll learn really fast how all of this works (as a company).
Your insulting payout from Target goes to show exactly what I'm talking about. When they lose all of that data and the end users gets $20 a piece, why in the heck would they now start caring about protecting your data?
This is one of those rare occasions where I want to see more regulation because it's clear after 20 years of data breaches that corporations truly do not care about protecting our data. Why should they? Your transaction history and contact info gets leaked to the Internet and you get $20.