Complete Story


Flaw exposed Comcast Xfinity customers’ partial home addresses and SSNs

The State of Security

Poor security measures have reportedly put the personal details of Comcast Xfinity customers at risk, a researcher has revealed.

According to a BuzzFeed News report, security researcher Ryan Stevenson found a vulnerability in the high-speed ISP’s online customer portal that could allow unauthorised parties to determine the partial home address of customers.

The flaw was found in the “in-home authentication” webpage that customers could use to access their Comcast Xfinity bills without the hassle of logging in.

In-home authentication (also known as Home-Based Authentication, HBA, or IP authentication) is supposed to reduce the friction for customer attempting to access their accounts and reduce the number of password resets requested.


Printer-Friendly Version