Skip to main content

Data-stealing bug prompts Comcast to shut down Xfinity activation website

comcast xfinity store
Ken Wolter/123rf

Two security researchers uncovered a bug within Comcast’s online activation portal that revealed a customer’s home address along with the Wi-Fi network name and password in plain text. Within hours of learning of the flaw uncovered by Karan Saini and Ryan Stevenson, Comcast shut down the Xfinity activation site, citing customer security as its top concern.

In order for customers to activate their routers, they have to visit an Xfinity activation website to enter some user information in order to setup their router and service. Saini and Stevenson discovered that even though the website asks for a customer’s full address, just an apartment or house number was needed along with an account ID. Both pieces of information required to gain access to the activation portal could easily be found on a discarded bill.

Recommended Videos

The activation portal continues to work and return information about the customer and the Wi-Fi network even after the router and home broadband service has been activated.

If a customer is using a Comcast or Xfinity-branded router, then the activation portal continues to return updated network information, so if a customer changes the network name or password, that latest information would be displayed on the activation portal. ZDNet noted that there’s no way for a customer to opt out of this system. For customers using their own router, the publication discovered that the portal doesn’t have access to the Wi-Fi network name and password to display.

On the primary level, the security concern is that customer’s network data and home address isn’t protected by requiring information that’s not readily available through an account statement. Further, once a hacker obtains the network data, they can use it in a malicious manner if they’re within close proximity to the Wi-Fi network. The network ID and password could be used to gain access to unencrypted web traffic that passes through the router. Additionally, hackers can also temporarily lock users out by changing the network name and password once they have access.

Comcast has since disabled this feature on its website to correct the security flaw. “Within hours of learning of this issue, we shut it down,” a Comcast spokesperson told ZDnet. “We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.” In a separate statement to Gizmodo, Comcast noted that it doesn’t believe that any data was improperly accessed as a result of this bug.

News of the bug comes at a time when Comcast is launching its own mesh networking accessory.

Chuong Nguyen
Silicon Valley-based technology reporter and Giants baseball fan who splits his time between Northern California and Southern…
Cyber Monday All-in-One PC deals 2024: Big savings on stylish PCs from Lenovo, Dell, and HP
hp 215 inch all in one desktop deal amazon september 2024 21 5 pc render 1

Black Friday is officially done and over, but if you missed out on the deals, then you'll be happy to know there are still quite a few Cyber Monday deals that have a lot to offer. You’ll find plenty of Cyber Monday Apple deals, Cyber Monday laptop deals, Cyber Monday 17-inch laptop deals, and even Cyber Monday Alienware laptop deals among them. But if you’re in search of an all-in-one PC for your computing needs, here we’ve tracked down all of the best Cyber Monday all-in-one PC deals. Read onward for all of the details, and check back here frequently if you don’t see something you like yet.

Cyber Monday Sales

Read more
Cyber Monday printer deals 2024: Grab a printer for just $40
best black friday cyber monday printer deals hp envy 6065e

Update 12/2/24: Cyber Monday is the perfect time to grab yourself a new printer, and we're happy to say that the deals have only been getting better. That's why we've gone ahead and updated the deals to their latest information so you can buy with confidence. Also, be sure to check back regularly as we update these deals moving forward!

There are some fantastic Cyber Monday deals on all kinds of computers and accessories. Below, we’ve picked out our favorite Cyber Monday printer deals so you can print those all-important documents better than before. It’s maybe not the most exciting of purchases, but it’s certainly an important one. If you’ve just snagged an Cyber Monday laptop deal or all-in-one PC deal, you’re all set in your home office with this combo.

Read more
Cyber Monday Chromebook deals 2024: Save on HP, Lenovo, and Acer

It's finally Cyber Monday, and after the great deals during Black Friday, you'll be happy to know there are still a lot of great Cyber Monday deals on Chromebooks that are worth picking up. While the temptation might be to seek out the Cyber Monday Alienware deals and spend a fortune, many people will be content with the simple and inexpensive nature of a Chromebook. So, we’ve picked out the best Cyber Monday Chromebook deals out there right now so you can save on some popular brand names like HP and Lenovo. If the latter sounds particularly appealing, check out the Lenovo Cyber Monday deals happening, as well as these Cyber Monday laptop deals for some alternatives.
Our Top Pick: Lenovo IdeaPad Slim 3 -- $169 $319 47% off

Using a mobile CPU like the MediaTek Kompanio 520 means the Lenovo IdeaPad Slim 3 won’t be speedy, but for the price it has a great looking full HD touchscreen laptop which is useful if you prefer to tap your screen rather than use the mouse. It looks nice too in an attractive blue.

Read more