Hacking group NullCrew FTS declared today that it had exploited a security flaw in Comcast’s Zimbra webmail server. It’s believed that the group used what is known as a LFI exploit or local file inclusion vulnerability to obtain usernames and passwords of Comcast ISP users.
The hacking group claims it used this exploit to gain access to the Zimbra LDAP and MySQL database which house the user accounts and passwords. The group posted earlier on pastebin.com a list of what they gained access to, but with no usernames or passwords listed. The posting has since been removed by pastebin.
Every Comcast ISP user has a master account, which is accessible through their Zimbra webmail site. This account can be used to access your payment information, e-mail settings, user account creation and services you purchase from Comcast. Even if you do not use their mail service, you still will have a master account. It is strongly recommended that, if you are a Comcast user, you change your password as soon as possible.
Comcast performed out-of-schedule maintenance on their mail servers last night, hopefully to fix this exploit. No more information is available at this time on what maintenance was performed.
You may also want to read comments at the above site like this one:
This issue was identified recently and a patch had been released. Zimbra had contacted all their customers to update to the latest version. Looks like Comcast were a little lazy and got pwned.