Comcast is leaking the names and passwords of customers wireless routers

Comcast has just been caught in a major security snafu: revealing the passwords of its clients’ Xfinity-provided wireless routers in plaintext on the web. Anyone with a subscriber’s account number and street address number will be served up the Wi-Fi name and password via the company’s Xfinity internet activation service.

Security researchers Karan Saini and Ryan Stevenson reported the issue to ZDnet.

The site is meant to help people setting up their internet for the first time: ideally, you put in your data, and Comcast sends back the router credentials while activating the service.

The problem is threefold 😛 TAGEND

You can ” activate” an account that’s already active The data required to do so is minimal and it is not verified via text or email The wireless name and password are sent on the web in plaintext

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

w

Connecting to %s