Comcast Xfinity inadvertently exposed the partial home addresses and Social Security numbers of more than 26.5 million customers, according to security researcher Ryan Stevenson, who discovered the security flaws.
Two previously unreported vulnerabilities in the high-speed internet service provider’s online customer portal made it easy for even an unsophisticated hacker to access this sensitive information.
After BuzzFeed News reported the findings to Comcast, the company patched the flaws.
One of the flaws could be exploited by going to an “in-home authentication” page where customers can pay their bills without signing in.
In the second vulnerability that Stevenson discovered, a sign-up page through the website for Comcast’s Authorized Dealers (sales agents stationed at non-Comcast retail locations) revealed the last four digits of customers’ Social Security numbers.