Report: Comcast Xfinity security flaw exposed customers’ personal data

Report: Comcast Xfinity security flaw exposed customers’ personal data
Image Credit: Craig Johnson
Team Clark is adamant that we will never write content influenced by or paid for by an advertiser. To support our work, we do make money from some links to companies and deals on our site. Learn more about our guarantee here.

If you’re a Comcast customer, you may have dodged a figurative bullet thanks to quick acting by Xfinity’s IT team. The Comcast Xfinity login page had a security flaw in it that exposed millions of customers to a data breach, according to Buzzfeed News.

The security lapse was discovered by cybersecurity researcher Ryan Stevenson, who told the publication that 26.5 million people had their personal information exposed.

Report: Comcast Xfinity customers had personal info exposed

Buzzfeed said Comcast Xfinity has had at least two other previously unreported vulnerabilities in its online customer portal for high-speed internet. One of them had to do with flaws found in an “in-home authentication” page, which allows payments without customers having to sign in.

In that case, the page would display a partial home address. With just that information, a hacker could find out a customer’s home address by locating their IP (Internet Protocol) address on their computer.

It is unclear how long the vulnerabilities were accessible before the company was alerted, but Comcast has reportedly disabled its in-home authentication feature.

Another security faux pas Stevenson found had to do with Comcast’s Authorized Dealers sign-up page. The flaw revealed the last four digits of customers’ Social Security numbers, according to Buzzfeed.

While just four digits of a person’s Social Security number may not be enough to access their information, a determined criminal who found out someone’s home address could use code-guessing software to exploit that vulnerability.

Comcast said the company patched the security flaws as soon as they found out.

“We quickly investigated these issues and within hours we blocked both vulnerabilities, eliminating the ability to conduct the actions described by these researchers,” Spokesman David McGuire told BuzzFeed News, “We take our customers’ security very seriously, and we have no reason to believe these vulnerabilities were ever used against Comcast customers outside of the research described in this report.”

The incident is reminiscent of the Equifax data breach, in which hackers broke into  a web portal app on the company’s site and stole massive amounts of consumer information.

Since that massive hack and even well before it, money expert Clark Howard has recommended a two-pronged approach to protecting yourself from data breaches as best you can. Here’s how to do it:

The Clark-approved way to protect your credit

  1. Sign up for a or Credit Sesame account to get free credit monitoring and be notified when anyone tries to access your personal info. Here’s a step-by-step rundown of how to do it.
  2. Freeze your credit at the three major credit-reporting bureaus. Here’s an in-depth guide on how to contact Equifax, TransUnion and Experian to freeze your accounts.

Here are some more scam-related articles from

Craig Johnson is a conscious money-saver who still reads paperback books and listens to vinyl. He likes to write about how technology is making things easier and more affordable — but also sometimes more dangerous — for the modern consumer. You can reach Craig at [email protected]
View More Articles
  • Show Comments Hide Comments