Andy Weir is the creator of Mark Watney, a fictional astronaut who can solve any problem the harsh environment of Mars throws his way.

But Weir, author of The Martian, ran into a tricky problem on Earth this week when his e-mail and Twitter accounts were hacked. The culprit, he says, was a hacker who reset the password for his Comcast.net e-mail account by calling Comcast and pretending to be him. Comcast let the hacker take control of his e-mail account after asking "security questions" for which the answers were easy to find, according to Weir.

"Well I got hacked," Weir wrote on Facebook last night. "Someone compromised my e-mail account and twitter account. I don't know how they got the password. My guess is they socially engineered a password reset on my e-mail account, and they used that to do a password reset on Twitter. They also set up an e-mail forward to an account they control, so even after I changed my e-mail password they were still getting my e-mails until I found that. Whee."

Today, Weir said he found out how his e-mail account was taken over. Here's his latest update:

So I found out how the hacker got control of my e-mail address. I wanted to know what timespan the hacker had control of my account, so I called Comcast to find out when the password was initially changed. Turns out the hacker had control for a little over an hour. Oh and by the way that password change was done by a Comcast customer service rep. Yup. The hacker got control of my e-mail account by calling Comcast. From there, the conversation went something like this:

Me: So, I'd like you guys not to give control of my account to people who call you, no matter how nicely they ask.

Comcast: We ask several security questions. The hacker had to know a ton of personal information about you to pull this off.

Me: Really? Because when I called to reclaim control of the account all you guys asked for was my street address and the last four digits of my social security number. Is that actually all you need to know to take over a Comcast e-mail account? Because that stuff isn't too hard to find out about people.

Comcast: (awkward silence)

Me: Seriously? Is that your entire validation process? You know my phone number; you have it on file. You could text me for verification or call me back.

Comcast: We do that for customers who have their phone service through Comcast.

Me: And for the millions of us who don’t?

Comcast: (awkward silence #2)

So anyway, now my account is flagged and any password changes require a call in to their security department and it requires knowing a special code.

We've contacted Comcast about the alleged incident with Weir's e-mail password. We also asked Comcast if what Weir described is the standard protocol for changing e-mail passwords and whether Comcast offers any additional security protections like two-factor authentication. We'll update this post if we receive a response.

A Comcast customer's primary username and password are used to manage the customer's cable account and check e-mail, according to a Comcast support page.

This wouldn't be the first time Comcast customers had significant trouble with Comcast e-mail addresses.

In June, we wrote about two cases in which a customer's e-mail address was taken away and given to a new customer with the same name. Kathleen Cox of Jacksonville, Florida, had been a Comcast e-mail user for years, but her address was given away when another customer named Kathleen Cox signed up for service in Michigan. Comcast apologized and fixed the problem after a local news station reported the story.

In a second case, a man who suffered an identical problem was only able to get his Comcast e-mail address back after Ars got involved.

Although many people do use the e-mail address offered by their Internet service providers, it's probably safer to use a service like Google's Gmail or Microsoft's Outlook.com. Besides not being tied to a location-specific Internet provider, both Gmail and Outlook.com offer two-step authentication systems that make it harder for bad people to take over your e-mail.

Weir told Ars that the Comcast.net e-mail account is his primary address, but that he is now planning to switch over to a Gmail address. "It's a pain, because I have to go update all my online accounts to use the new e-mail address, then I have to slowly over time get people to stop e-mailing me at the old account," he said.

Weir's Facebook and Twitter accounts are both verified; his popularity has grown with the success of his novel, now being made into a film starring Matt Damon.

Weir's Twitter account was suspended at last check. "I reported it and Twitter has suspended the account pending customer service action," Weir wrote on Facebook last night. "I've changed the passwords to every online account I have and done virus scans on all my systems just to be safe."