The hacker collective NullCrew obtained access to no fewer than 34 servers owned by Comcast on the 5th of February, dumping what seems to be a listing of the company’s mail servers and passwords, along with a link to the root file which contains the vulnerability they utilized to penetrate the servers.
@NullCrew has claimed to have hacked a number of companies throughout the years, Sony, PayPal, Orange Telecom and Ford to name a few, and took credit for the attack on Comcast on Wednesday. They announced the attack on their official Twitter account; the tweet is below.
Fun Fact: 34 Comcast mail servers are victims to one exploit.
— NullCrew (@NullCrew_FTS) February 5, 2014
The group went on to post the leak to Pastebin, which was later removed.
The affected mail servers appear to run Zimbra, a groupware email server client whose Lightweight Directory Access Protocol (LDAP) directory service was the target of the attack.
NullCrew managed to exploit a local file inclusion (LFI) vulnerability in LDAP to obtain access to the credentials and passwords.
They were then able to access localconfig.xml, a file which contains Comcast LDAP administrative credentials, LDAP passwords and credentials for MySQL and Nginx.
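Because one readable file held credentials for several services, every secret in it has to be treated as exposed. The following added example (not code from the article or from Zimbra) builds a rotation checklist from such a file without echoing the secret values; it assumes a `<key name="..."><value>...</value></key>` layout, and the key names and values in the sample are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample in an assumed <key name=...><value>...</value></key>
# layout; key names and values are illustrative, not data from the leak.
SAMPLE_LOCALCONFIG = """<localconfig>
  <key name="zimbra_ldap_userdn"><value>uid=zimbra,cn=admins,cn=zimbra</value></key>
  <key name="zimbra_ldap_password"><value>CONSTRUCTED-1</value></key>
  <key name="ldap_root_password"><value>CONSTRUCTED-2</value></key>
  <key name="ldap_nginx_password"><value>CONSTRUCTED-3</value></key>
  <key name="zimbra_mysql_password"><value>CONSTRUCTED-4</value></key>
  <key name="mysql_root_password"><value></value></key>
  <key name="zimbra_server_hostname"><value>mail.example.test</value></key>
</localconfig>
"""

# Service buckets named in the article; first matching marker wins, so a
# key such as "ldap_nginx_password" is filed under Nginx rather than LDAP.
SERVICE_MARKERS = (("nginx", "Nginx"), ("mysql", "MySQL"), ("ldap", "LDAP"))


def secrets_to_rotate(xml_text):
    """Return {service: [key names]} for non-empty password entries.

    Values are never returned or printed, so the checklist can be pasted
    into an incident ticket without re-exposing the secrets.
    """
    root = ET.fromstring(xml_text)
    plan = {}
    for key in root.iter("key"):
        name = key.get("name", "")
        value = (key.findtext("value") or "").strip()
        if "password" not in name.lower() or not value:
            continue  # not a secret, or nothing is set for this key
        service = next((label for marker, label in SERVICE_MARKERS
                        if marker in name.lower()), "Other")
        plan.setdefault(service, []).append(name)
    return plan


if __name__ == "__main__":
    for service, names in sorted(secrets_to_rotate(SAMPLE_LOCALCONFIG).items()):
        print(f"{service}: rotate {', '.join(sorted(names))}")
```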