Comcast suffers another possible data breach

Understanding the profiles and motivations of the various types of hackers is key to stopping them (Image imaginima / iStockPhoto)
Comcast said it shut down an API on its sites that recognizes customer IP addresses and allows them to access the nearest store location and various account data. (imaginima / iStockPhoto)

Comcast has had to shut the gate on a potential customer data breach after ZDNet once again notified the cable company that one of its web pages had the potential to expose private customer information to unauthorized users.

Comcast said it shut down an API on its sites that recognizes customer IP addresses and allows them to access nearest store location and various account data. According to ZDNet, an anonymous internet security firm made the publication aware that an unauthorized user who somehow managed to hijack a Comcast Wi-Fi account could get customer information. 

"As soon as we became aware of this situation, our engineers turned the feature off, which could only be accessed within a customer's home or while logged into the customer's Wi-Fi network,” Comcast said in a statement. "We have no reason to believe that anyone's account information was improperly taken or used.”

FREE DAILY NEWSLETTER

Like this story? Subscribe to FierceVideo!

The Video industry is an ever-changing world where big ideas come along daily. Cable, Media and Entertainment, Telco, and Tech companies rely on FierceVideo for the latest news, trends, and analysis on video creation and distribution, OTT delivery technologies, content licensing, and advertising strategies. Sign up today to get news and updates delivered to your inbox and read on the go.

RELATED: Comcast says it shut down possible modem security leak

In May, Comcast also shut down a feature that allowed anyone with a subscriber’s account number and street address number to access their Wi-Fi name and password via the company’s Xfinity internet activation service. 

ZDNet reported that a website set up by Comcast to make it easier for customers to set up their own internet and cable TV service can be tricked into giving up private authentication data. The blog said two security researchers obtained—with consent—the street address and account numbers from two Comcast subscribers, then tried to get private information from Comcast. 

“The site returned the Wi-Fi name and password—in plaintext—used to connect to the network for one of the customers who uses an Xfinity router,” ZDNet wrote. “The other customer was using his own router—and the site didn't return the Wi-Fi network name or password.”

A hacker, ZDNet argued, could do the same thing: access a customer’s Wi-Fi network with a discarded paper bill or illicitly obtained email statement. 

Suggested Articles

AT&T spent months hyping up its new streaming TV service but AT&T TV has fallen short of the incredibly lofty expectations the company set for the…

Comcast Spotlight, the advertising sales division of Comcast Cable, has hired Melanie Hamilton as vice president of national sales.

Amid pressure from federal regulators and consumers, YouTube might be planning to do away with advertising that targets children.