Comcast Security Flaws Exposed Customers

Comcast Security Flaws Exposed Customers' Data

The company quickly resolved the problem in its Xfinity customer software.

Security flaws in Comcast Xfinity customer software reportedly exposed customers' partial home addresses and social security numbers.

Security researcher Ryan Stevenson found that two vulnerabilities in the internet service provider's online portal for its more than 26.5 million customers left data open to hackers. Comcast patched the vulnerabilities after Buzzfeed News reported the findings.

"We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers," a company spokesperson said.

One flaw was found on Xfinity's in-home authentication page, which allowed customers to pay bills without signing in after proving their identity using a partial home address. Hackers could spoof a customer's IP address and refresh the page, allowing them to figure out the partial address as that one would stay through each refresh.

The other vulnerability was in the Comcast Authorized Dealers sign-up page. If a hacker that had a customer's billing address brute-forced it, by trying random four-digit combinations until they happened on the right one, they could get digits of the customer's social security numbers.

The brute-force method was possible because Comcast didn't limit the number of sign-in attempts, but has added a strict rate limit.

Comcast has not gotten any reports to suggest that the flaws were used to compromise the data of any users.

About the Author

Sydny Shepard is the Executive Editor of Campus Security & Life Safety.

Featured

New Products

  • Mobile Safe Shield

    Mobile Safe Shield

    SafeWood Designs, Inc., a manufacturer of patented bullet resistant products, is excited to announce the launch of the Mobile Safe Shield. The Mobile Safe Shield is a moveable bullet resistant shield that provides protection in the event of an assailant and supplies cover in the event of an active shooter. With a heavy-duty steel frame, quality castor wheels, and bullet resistant core, the Mobile Safe Shield is a perfect addition to any guard station, security desks, courthouses, police stations, schools, office spaces and more. The Mobile Safe Shield is incredibly customizable. Bullet resistant materials are available in UL 752 Levels 1 through 8 and include glass, white board, tack board, veneer, and plastic laminate. Flexibility in bullet resistant materials allows for the Mobile Safe Shield to blend more with current interior décor for a seamless design aesthetic. Optional custom paint colors are also available for the steel frame.

  • Unified VMS

    AxxonSoft introduces version 2.0 of the Axxon One VMS. The new release features integrations with various physical security systems, making Axxon One a unified VMS. Other enhancements include new AI video analytics and intelligent search functions, hardened cybersecurity, usability and performance improvements, and expanded cloud capabilities

  • Camden CV-7600 High Security Card Readers

    Camden CV-7600 High Security Card Readers

    Camden Door Controls has relaunched its CV-7600 card readers in response to growing market demand for a more secure alternative to standard proximity credentials that can be easily cloned. CV-7600 readers support MIFARE DESFire EV1 & EV2 encryption technology credentials, making them virtually clone-proof and highly secure.