While Comcast routinely receives rough coverage in the tech press for its anti-Title II stance and its customer service track record, the cable giant seems to have won a battle over the weekend.
“I recently noticed what feels like a major privacy flaw in Comcast's automated telephone system,” Reddit user vinnie_james posted on Friday. “If you call in and select the option to make a payment, then enter a phone number, the system immediately asks you to verify your home address by reading it out to you. The result is anyone with your phone number can find out exactly where you live by simply knowing your phone number.”
As Gizmodo noted, James’ claims were exaggerated.
When a customer dials into a call center, the blog noted, Comcast seeks to automatically authenticate them by cross-referencing their phone number to the account.
If Comcast’s automated system can’t recognize the phone number, it asks the customer to punch it in manually. It then confirms that number is associated with the account by reading the numeric portion of the account address to the caller. So, theoretically, an intrepid troublemaker could illicitly obtain a customer’s street number, but not the name of the street.
“Making matters worse, if you then pay the bill on someone else's account, the system prompts you to add yourself as an authorized user and requests the caller's phone number, potentially granting them full access to your account,” vinnie_james added.
Again, that’s a bogus claim: In order to become an authorized user, one must be able to provide authentication for the account.
Gizmodo said vinnie_james’ post garnered more than 24,000 upvotes on r/technology, a subreddit with more than 6 million subscribers. That post was removed after the poster tried using its popularity to plug cryptocurrency.