Comcast Accidentally Leaks Xfinity Customer Data on Website
A bug on Xfinity’s router setup webpage let anyone with access to a customer’s account ID and house or apartment number change the network’s WiFi name and password.
PHILADELPHIA — A bug in a Comcast website that is used to activate the routers of Xfinity customers was leaking sensitive information, according to two researchers.
Researchers Karan Saini and Ryan Stevenson told ZDNet that the website could be tricked into displaying the home address where a router is located, as well as the WiFi name and password of the network.
All a potential attacker would need is a customer account ID and that customer’s house or apartment number to reveal their network’s WiFi name and password. Fortunately, this was only the case for customers using an Xfinity router and did not effect customers using their own device.
The researchers say the bug could allow an attacker to change a network’s WiFi name and password, leaving the owner locked out.
Considering how many devices the modern consumer has connected to their home network, this could have resulted in catastrophic consequences — especially considering Comcast is moving into the home automation and residential security market.
ZDNet says Comcast removed the option after publishing the story.
“There’s nothing more important than our customers’ security,” said a Comcast spokesperson. “Within hours of learning of this issue, we shut it down. We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.”
Security Is Our Business, Too
For professionals who recommend, buy and install all types of electronic security equipment, a free subscription to Security Sales & Integration is like having a consultant on call. You’ll find an ideal balance of technology and business coverage, with installation tips and techniques for products and updates on how to add sales to your bottom line.
A free subscription to the #1 resource for the residential and commercial security industry will prove to be invaluable. Subscribe today!