Comcast has just been caught in a major security snafu: revealing the passwords of its clients’ Xfinity-provided wireless routers in plaintext on the web. Anyone with a subscriber’s account number and street address number will be served up the Wi-Fi name and password via the company’s Xfinity internet activation service.
Security researchers Karan Saini and Ryan Stevenson reported the issue to ZDnet.
The site is meant to help people setting up their internet for the first time: ideally, you put in your data, and Comcast sends back the router credentials while activating the service.
The problem is threefold 😛 TAGEND
You can ” activate” an account that’s already active The data required to do so is minimal and it is not verified via text or email The wireless name and password are sent on the web in plaintext