An nameless reader quotes a file from ZDNet: A worm in Comcast’s web page used to turn on Xfinity routers can return sensitive information on the company’s customers. The website, utilized by shoppers to arrange their house web and cable provider, can also be tricked into showing the house cope with the place the router is positioned, in addition to the Wi-Fi identify and password. Two safety researchers, Karan Saini and Ryan Stevenson, found out the worm. Only a buyer account ID and that buyer’s space or condominium quantity is wanted — even if the internet shape asks for a complete cope with.
ZDNet bought permission from two Xfinity shoppers to test their data. We had been in a position to procure their complete cope with and zip code — which each shoppers showed. The website returned the Wi-Fi identify and password — in plaintext — used to connect with the community for some of the shoppers who makes use of an Xfinity router. The different buyer used to be the use of his personal router — and the website did not go back the Wi-Fi community identify or password.