Black Listed News

Comcast breach exposes 26.5m customers' Social Security Numbers and partial addresses

Published: August 9, 2018


Source: Boing Boing

Comcast Xfinity's login page had an easily found bug that allowed anyone to gain access to the Social Security Numbers and partial home addresses of over 26.5 million customers.

Comcast spokesapologist David McGuire says the company patched the bug quickly after being notified of its existence by security researcher Ryan Stevenson, and that the company "take[s] our customers’ security very seriously," adding that it didn't think anyone had exploited the bug.

I'm going to make a guess here: the bug was the result of one of the many mergers and acquisitions that has allowed Comcast to grow to be the country's largest and most hated cable operator, as they put profits and growth ahead of integration and security. It's just a guess, but it's an educated one. Merging IT systems is one of the most notoriously tricky and insecure things a corporation can do.

This vulnerability was particularly easy to exploit — and use to target someone. It’s simple to obtain someone’s IP address (or “Internet Protocol”), a string of numbers that links your internet activity to the Wi-Fi network you’re using. Web administrators can see the IP addresses of everyone who visits their website. Many forums also disclose users’ IP addresses, along with their usernames. A malicious actor can also send someone a link designed specifically to obtain a target’s IP address.

While an IP address alone is not sensitive information, paired with the knowledge of someone’s internet service provider, it can help a bad actor confirm their target’s specific location. And often, it’s fairly easy to figure out someone’s internet service provider, or ISP, because an area is typically limited to one or two high-speed internet options, thanks to the consolidation of internet companies.

In the second vulnerability that Stevenson discovered, a sign-up page through the website for Comcast’s Authorized Dealers (sales agents stationed at non-Comcast retail locations) revealed the last four digits of customers’ Social Security numbers. Armed with just a customer’s billing address, a hacker could brute-force (in other words, repeatedly try random four-digit combinations until the correct combination is guessed) the last four digits of a customer’s Social Security number. Because the login page did not limit the number of attempts, hackers could use a program that runs until the correct Social Security number is inputted into the form.

Security Flaws On Comcast’s Login Page Exposed Customers’ Personal Information [Nicole Nguyen/Buzzfeed]

(via /.)

(Image: Abdul Rahman, CC-BY)
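The missing control in the second flaw, a cap on failed guesses, can be sketched as follows. This is an added example, not code from Comcast, BuzzFeed or Boing Boing; the class and function names, the five-failure limit and the one-hour window are assumptions chosen for illustration.

```python
import hmac

MAX_FAILURES = 5          # assumed policy: failures allowed per window
WINDOW_SECONDS = 3600     # assumed policy: window length in seconds


class AttemptLimiter:
    """Counts failed last-four checks per billing address, not per client IP,
    so changing the source address does not reset the budget."""

    def __init__(self, max_failures=MAX_FAILURES, window=WINDOW_SECONDS):
        self.max_failures = max_failures
        self.window = window
        self._failures = {}   # normalised address -> timestamps of failures

    @staticmethod
    def _key(address):
        # Collapse case and whitespace so formatting variants share one counter.
        return " ".join(address.lower().split())

    def verify(self, address, guess, expected, now):
        """Return 'ok', 'denied' or 'locked'; the caller looks up `expected`."""
        key = self._key(address)
        recent = [t for t in self._failures.get(key, []) if now - t < self.window]
        self._failures[key] = recent
        if len(recent) >= self.max_failures:
            return "locked"   # refuse before comparing: no oracle while locked
        if hmac.compare_digest(guess.encode(), expected.encode()):
            self._failures.pop(key, None)
            return "ok"
        recent.append(now)
        return "denied"


def enumerate_against(limiter, address, expected, start=0.0, step=0.1):
    """Constructed test traffic: submit 0000..9999 in order, one guess every
    `step` seconds, and count how many guesses were actually evaluated."""
    evaluated, found = 0, False
    for i in range(10_000):
        result = limiter.verify(address, f"{i:04d}", expected, start + i * step)
        if result != "locked":
            evaluated += 1
        if result == "ok":
            found = True
            break
    return evaluated, found
```

With the cap in place only five of the 10,000 possible values are ever compared within the window, so a full sweep of the four-digit space no longer succeeds.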
