Its security breach again and this time it is from Comcast website through Xfinity routers.
If you have a subscribers account number and street number, all other sensitive information can easily be obtained. Your Wi-Fi name and password can be obtained through Xfinity activation.
When people set up the internet at home, you will have to provide your personal data which Comcast sends on the router. Anyone can log into your account using the password and SSID.
Those who use Comcast are affected because the password is built in. Additional information can easily be accessed by determined users.
If you have a home internet or a cable service and you are using the Comcast website, be warned about sensitive information regarding home address, your router location, your Wi-Fi password, and name. Through Xfinity routers, your sensitive information may be wrongly used.
For online activation, users will have to provide only the customer ID and number. However, even with this basic information, the rest of the customer data can be collected, such as full address, password, network name, etc.
This has also been tested on a few users, with their permission, to check if this information is correct. Yes. All information about the user is provided very easily. Just your house number and account ID is sufficient. If the Xfinity router is used, this information is available, but if you use your own router, your information will not be provided.
If you feel that by changing the password, you have protection, this is not possible. The website can be accessed to provide the new password.
Ryan Stevenson and Karan Saini have reported this bug found in the routers.
Comcast removed this facility immediately, as they feel that the user security has to be protected first. The investigation is on, to know more about the data leakage.