A bug recently found in a Comcast website leaked Xfinity customer data. The site, which customers use to set up their connections, could display the home address where the router is located, along with the username and password of the Wi-Fi connection. As a result, a significant amount of data was leaked.
The bug was first discovered by two researchers, Karan Saini and Ryan Stevenson. Saini has previously discovered quite a few bugs for marquee names like Uber and India's biometric identity detection database.
To display a customer's Wi-Fi username and password, as well as their home address, only the customer ID and the apartment number were needed. The full address of the customer wasn't needed. These details could easily be retrieved from a discarded bill, and an attacker could also get past the check by brute force. That makes the bug pretty risky.
The Wi-Fi username and password were displayed in plain text, so they had no layer of protection at all. They were displayed even if the Wi-Fi was already on, and if the username and password were changed, the new values were displayed too. The bug was dangerous because an attacker would have been able to change the username or password of the Wi-Fi network and lock out the existing users. This is a significant bug, as customers would have been locked out of their own accounts.
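The two weaknesses described above (a guessable check on customer ID plus apartment number, and credentials echoed in plain text) suggest two server-side controls, sketched here as an added example that is not Comcast's code. The account record, the limits and the `ActivationGate` name are assumptions made for illustration.

```python
import hmac
import time
from collections import defaultdict, deque

MAX_FAILURES = 5          # assumed policy: failed guesses allowed per window
WINDOW_SECONDS = 15 * 60  # assumed policy: sliding window length

# Constructed sample record (all values invented for this example).
ACCOUNTS = {"8499-0000-1234": {"house_number": "1720", "ssid": "HOME-1A2B",
                               "wifi_password": "constructed-secret"}}


class ActivationGate:
    """Throttles apartment-number guesses per customer ID and never echoes Wi-Fi credentials."""

    def __init__(self, accounts):
        self.accounts = accounts
        self.failures = defaultdict(deque)  # customer ID -> timestamps of failed attempts

    def _locked(self, account_id, now):
        recent = self.failures[account_id]
        while recent and now - recent[0] > WINDOW_SECONDS:
            recent.popleft()  # forget failures that fell out of the window
        return len(recent) >= MAX_FAILURES

    def verify(self, account_id, house_number, now=None):
        now = time.time() if now is None else now
        # Check the lock first, so even a correct guess is refused during lockout.
        if self._locked(account_id, now):
            return {"status": "locked"}
        record = self.accounts.get(account_id)
        expected = record["house_number"] if record else ""
        ok = record is not None and hmac.compare_digest(
            expected.encode(), house_number.encode())
        if not ok:
            self.failures[account_id].append(now)
            return {"status": "denied"}  # same answer for unknown ID and wrong number
        # Success confirms the match only; SSID and passphrase stay out of the response.
        return {"status": "verified", "next_step": "sign in to view or change Wi-Fi settings"}
```

With a limit like this, walking through apartment numbers for one customer ID stalls after a handful of tries, and a successful match still reveals nothing that could be used to join or reconfigure the network.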
In an official statement, Comcast said that it takes customer security seriously and that it had shut down the website within hours of the bug being detected. The company is also conducting an investigation to find out how this bug was left unattended, and it is securing its systems to ensure that this does not happen again. Even though Comcast is taking steps to prevent a repeat, the situation remains risky, as the customer data of thousands of individuals was compromised.
Hopefully, the security modifications Comcast makes will ensure that such a leak never occurs again. Only when it takes such steps will consumers have proper security for their data.