Comcast Pulls Xfinity Site After Researchers Discover Bug Leaking Customer Data

Photo: Justin Sullivan (Getty)

As if you needed yet another reason to loathe your ISP, Comcast has dropped the ball when it comes to properly securing its own wireless products. A pair of security researchers have uncovered a bug on Comcast’s website that allowed unauthorized disclosure of Xfinity customers’ personal data, according to a report from ZDNet. All you needed to ruin someone’s day (or gain unauthorized access to their home network) was an account number and a partial address. Terrible timing, considering Comcast is in the process of launching its own line of mesh network routers.

Researchers Karan Saini and Ryan Stevenson say they uncovered the security flaw on Xfinity’s activation page, used by customers to set up their Xfinity-issued router. By entering a user’s Xfinity account number (obtained via email, a mailed bill, or a bit of social engineering), along with the house or apartment number, the researchers were able to obtain a user’s full address, along with their router SSID and password.

Malicious individuals could take advantage of the lax security measures and use that access to rename the router and change the password to lock users out of their own network. Even if authorized users changed the password themselves, entering the aforementioned information would yield the updated wifi password.

“Within hours of learning of this issue, we shut it down,” a Comcast spokesperson told Gizmodo. “At no time did this site enable anyone to access customers’ personal usernames and passwords and we have no reason to believe that any account information was accessed. We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.”

To avoid the issue entirely, you could always purchase your own wifi router, which doesn’t share its SSID or password information with Xfinity. Hell, you should probably buy your own cable modem while you’re at it, if only to get rid of the ridiculous monthly surcharge associated with modems and routers.

Staff Reporter, Gizmodo

DISCUSSION

Hippoposthumous

Router surcharges... Extra fees for HD (in 2018, when all new content is HD or 4k)... If they didn’t have area monopolies, they’d be broke.

I may never move, because my apartment has webpass (now Google fiber) 1gb for 40/mo. I will never use Comcast again.