PHILADELPHIA (CBS) — A website Comcast uses to help customers set up internet service may have exposed customers’ wi-fi names and passwords, according to a report by CNET.
ZDNet reported on May 21 that two security researchers, Karan Saini and Ryan Stevenson, found the bug. The bug can reportedly be “tricked into displaying the home address where the router is located, as well as the Wi-Fi name and password.”
To access the info, ZDNet says that a person would need a customer’s account ID and their house number–info easily available on a discarded bill or via email.
ZDNet says they tested out the bug with the permission of two Comcast customers and it revealed the Wi-Fi name and password in plaintext for one customer using an Xfinity router.
“Although it’s not believed the sensitive data can be used to access the router’s settings, an attacker could use the information to access the Wi-Fi network within its range. On the network, an attacker could read unencrypted traffic from other users on the network,” ZDNet says.
A Comcast spokesperson tells CNET they already fixed the problem saying in a statement, “There’s nothing more important than our customer’s security. Within hours of learning of this issue, we shut it down.”
According to CNET, if you go on to the Xfinity website, you now have to verify your username and password or a verification that will be sent to your phone.