Comcast suffers another possible data breach

Understanding the profiles and motivations of the various types of hackers is key to stopping them (Image imaginima / iStockPhoto)
Comcast said it shut down an API on its sites that recognizes customer IP addresses and allows them to access the nearest store location and various account data. (imaginima / iStockPhoto)

Comcast has had to shut the gate on a potential customer data breach after ZDNet once again notified the cable company that one of its web pages had the potential to expose private customer information to unauthorized users.

Comcast said it shut down an API on its sites that recognizes customer IP addresses and allows them to access nearest store location and various account data. According to ZDNet, an anonymous internet security firm made the publication aware that an unauthorized user who somehow managed to hijack a Comcast Wi-Fi account could get customer information. 

"As soon as we became aware of this situation, our engineers turned the feature off, which could only be accessed within a customer's home or while logged into the customer's Wi-Fi network,” Comcast said in a statement. "We have no reason to believe that anyone's account information was improperly taken or used.”

FREE DAILY NEWSLETTER

Like this story? Subscribe to FierceVideo!

The Video industry is an ever-changing world where big ideas come along daily. Cable, Media and Entertainment, Telco, and Tech companies rely on FierceVideo for the latest news, trends, and analysis on video creation and distribution, OTT delivery technologies, content licensing, and advertising strategies. Sign up today to get news and updates delivered to your inbox and read on the go.

RELATED: Comcast says it shut down possible modem security leak

In May, Comcast also shut down a feature that allowed anyone with a subscriber’s account number and street address number to access their Wi-Fi name and password via the company’s Xfinity internet activation service. 

ZDNet reported that a website set up by Comcast to make it easier for customers to set up their own internet and cable TV service can be tricked into giving up private authentication data. The blog said two security researchers obtained—with consent—the street address and account numbers from two Comcast subscribers, then tried to get private information from Comcast. 

“The site returned the Wi-Fi name and password—in plaintext—used to connect to the network for one of the customers who uses an Xfinity router,” ZDNet wrote. “The other customer was using his own router—and the site didn't return the Wi-Fi network name or password.”

A hacker, ZDNet argued, could do the same thing: access a customer’s Wi-Fi network with a discarded paper bill or illicitly obtained email statement. 

Suggested Articles

Verizon Media is opening a 5G production studio in Los Angeles in cooperation with the company’s immersive media firm, RYOT.

5G mobile networks are rolling out in the U.S. Now industries including media and entertainment need to come up with ways to use it.

Amazon and Google announced a range of deals today to bring each other’s video apps to each other’s streaming devices.