Comcast Leaks Customer Wireless Router Information In Plaintext

Published by James on

Comcast SuxAs if we needed another reason to avoid Comcast, the cable giant (with the world’s worst customer support)  has been caught leaking private and confidential wireless router information in plaintext across the internet.

After TechCrunch reported on this last month, Comcast has taken down the “service” that provided unauthorized users with Wi-Fi names and passwords.

Here’s how it worked:

Comcast created a website to help new users get their internet set up for the first time without the need for a human customer support agent’s help. So right away we know that this was all about Comcast saving a few $$$.

The process was simple: You input your information, and Comcast sends back your router security information, and activates your service directly through the website.

Sounds easy, right? Yeah, a little TOO easy! See, you could input anyone’s information into the website, and you were instantly supplied with their Wi-Fi name and the password.

The only information you needed was the account number and the address associated with the account.

What was Comcast thinking?

Obviously they weren’t thinking. It wasn’t just one problem with the website, according to TechCrunch, the problem existed in three separate areas:

  • Activation: Yes, you could activate your own account, but you could also input someone else’s information and “activate” their account, even if that account was already activated!
  • Verification: The only data needed to use the site was an account number and the address. None of this was verified with an email/text code or any other type of verification, which meant anyone with the account information could access the Wi-Fi info.
  • Encryption: Once the site received the account information from, well…anyone, it would relay the Wi-Fi SSID and password in plaintext. No encryption of any type which is obviously highly-insecure.

Only Xfinity/Comcast routers were affected

Good news for those of us who refuse to rent Comcast’s extremely-overpriced routers, as only the routers provided by Comcast were affected. Even if you had changed your default SSID and password when you received your router, this information would still have been given out if requested.

If you use Comcast (for the love of God, why?) and if you rent one of their extremely-overpriced routers, I would suggest that you change your information; at least your password, as there’s no telling how many people that could have your information right now.

It’s fixed now, right?

Yes, although this leaves us with an even smaller trust (if any existed before) in Comcast security. I mean, a company who just allows anyone to input a little bit of data, not verify that data, and then relay sensitive infortion in plaintext just leaves us speechless.

We’ve all heard the Comcast horror stories about Comcast service, and their #1 ranking for World’s Worst Customer Service,  but now we can add another trophy of shame to their wall.

Categories: Data Leak
Tags: