Comcast Xfinity customers are the latest to be affected by lax online security. According to a report from BuzzFeed News, more than 26.5 million customers had their partial home addresses and social security numbers exposed…
Security researcher Ryan Stevenson first uncovered the security flaws. These vulnerabilities were in Comcast’s online customer portal and made it “easy for even an unsophisticated hacker to access this sensitive information.”
BuzzFeed News informed Comcast of the security holes, and the internet provider was quickly able to patch the flaws. In a statement addressing the data breach, a Comcast spokesperson explained that it blocked the security vulnerabilities within “hours,” while also reaffirming the company’s commitment to security:
One of the flaws related to an “in-home authentication page” where a user is able to pay their bills without signing in. The portal allowed customers to verify their account information based on partial home addresses suggested by the Comcast site, if the device was or appeared to be connected to the home network:
The second vulnerability was discovered via a sign-up page for Comcast Authorized Dealers. By using a customer’s billing address, a hacker could “brute force the last four digits of a customer’s social security number.” Eventually, because the page did not limit how many attempts, hackers would reveal the social security number:
Comcast says it is still investigating the vulnerabilities, but has yet to find any foul play thus far.
