Flaw exposed Comcast Xfinity customers’ partial home addresses and SSNs
The State of Security
Poor security measures have reportedly put the personal details of Comcast Xfinity customers at risk, a researcher has revealed.
According to a BuzzFeed News report, security researcher Ryan Stevenson found a vulnerability in the high-speed ISP’s online customer portal that could allow unauthorised parties to determine the partial home address of customers.
The flaw was found in the “in-home authentication” webpage that customers could use to access their Comcast Xfinity bills without the hassle of logging in.
In-home authentication (also known as Home-Based Authentication, HBA, or IP authentication) is supposed to reduce the friction for customer attempting to access their accounts and reduce the number of password resets requested.