Comcast® Disables XFINITY® Website’s API after a Cyber Threat Tip-Off

Best Cable Deals
Internet Security Threat

One of the best cable providers, Comcast®, has turned off an API used as part of its XFINITY® website to prevent a potential breach of subscriber data. The API recognizes the IP addresses of Comcast® subscribers and allows them to access several account data and nearest outlet location. The cable giant blocked the feature after the news website named ZDNet notified them of the security concern the API might cause.

Earlier, an unknown internet security researcher contacted and notified ZDNet that if an unauthorized person manages to hack into a Wi-Fi network, comprising XFINITY® applications, they could get important information related to Comcast® customers. Of course, since the API returns the data when it detects an IP address of an XFINITY® subscriber, accessing the data of a line owner necessitates someone to be on a subscriber’s network.

The customer data, which the API may put at risk, include account numbers, addresses of residences, account type, and any other services that are enabled on the lines such as a home security suite. So, it is no wonder Comcast® decided to turn off the feature and make a public statement as to why they had to do that.

“As soon as we became aware of this situation, our engineers turned the feature off, which could only be accessed within a customer’s home or while logged into the customer’s Wi-Fi network. We have no reason to believe that anyone’s account information was improperly taken or used.”

Cable Providers
High Speed Internet

Earlier this year, the cable giant also turned off a feature that allowed someone with customer’s street address and account number to access wireless network name and password through the activation service of XFINITY® internet. The same news website reported that a site set up by Comcast® to make it convenient for subscribers to access cable TV and internet services can be trapped into leaking data used for private authentication. They also said that a couple of security researchers got account numbers and addresses of Comcast® customers with their consent, and then attempted to get private info from the cable operator.

“The site returned the Wi-Fi name and password—in plaintext—used to connect to the network for one of the customers who uses an XFINITY® router,” informed ZDNet. “The other customer was using his own router—and the site didn’t return the Wi-Fi network name or password.”

Hackers could also access a subscriber’s wireless network with an email statement illicitly obtained from Comcast® or a discarded invoice.

Add a Comment

Your email address will not be published. Required fields are marked *