Comcast is leaking the names and passwords of customers’ wireless routers

INSUBCONTINENT EXCLUSIVE:
Comcast has just been caught in a major security snafu: revealing the passwords of its customers& Xfinity-provided wireless routers in
plaintext on the web
Anyone with a subscriber account number and street address number will be served up the Wi-Fi name and password via the company Xfinity
internet activation service. Security researchers Karan Saini and Ryan Stevenson reported the issue to ZDnet. The site is meant to help
people setting up their internet for the first time: ideally, you put in your data, and Comcast sends back the router credentials while
activating the service. The problem is threefold: You can &activate& an account that already active The data required to do so is minimal
and it is not verified via text or email The wireless name and password are sent on the web in plaintext This means that anyone with your
account number and street address number (e.g
the 1425 in &1425 Alder Ave,& no street name, city, or apartment number needed), both of which can be found on your paper bill or in an
email, will instantly be given your router SSID and password, allowing them to log in and use it however they like or monitor its traffic
They could also rename the router network or change its password, locking out subscribers. This only affects people who use a router
provided by Xfinity/Comcast, which comes with its own name and password built in
Though it also returns custom SSIDs and passwords, since they&re synced with your account and can be changed via app and other methods. What
can you do While this problem is at large, it no good changing your password — Comcast will just provide any malicious actor the new one
So until further notice all of Comcast Xfinity customers with routers provided by the company are at risk. One thing you can do for now is
treat your home network as if it is a public one — if you must use it, make sure encryption is enabled if you conduct any private business
like buying things online
What will likely happen is Comcast will issue a notice and ask users to change their router passwords at large. Another is to buy your own
router — this is a good idea anyway, as it will pay for itself in a few months and you can do more stuff with it
Which to buy and how to install it, however, are beyond the scope of this article
But if you&re really worried, you could conceivably fix this security issue today by bringing your own hardware to the bargain. I&ve
contacted the company for comment and will update when I hear back.