Do You Have Comcast? Your Personal Information May Have Been Exposed.

It was recently discovered that Comcast Xfinity inadvertently exposed the partial home addresses and Social Security numbers of more than 26 million customers last week. The online customer portal had vulnerabilities that would allow almost anyone to access personal information. Keep reading to learn more. 

There were two vulnerabilities that allowed personal data to be shared:

1. In-home authentication for customer portal – the portal asked customers to confirm their address by choosing from one of four partial home addresses, but hackers could easily obtain the customer’s IP address and trick the system so when they refreshed the login page they would see what address, the correct address, remained the same.

The former "in-home authentication" portal for Comcast customers.

2. Sign-up page for Comcast’s Authorized Dealers – if you had a customer’s billing address, a hacker could repeatedly guess the last four digits of a customer’s Social Security number because the login page did not limit the number of attempts. This is quickly, and easily, done by using a program that runs until the correct digits are inputted. Once they had this, they can steal your identity by tricking customer services reps into handing over your online account access.

The Comcast Authorized Dealer page requiring Social Security information.

There have been massive breaches over the past year, such as Equifax, Yahoo, UK’s National Heath Service and Reddit. Often it is later discovered that these leaks affected more people than originally estimated. So what should you do to protect yourself now?

  1. Run an up-to-date antivirus – we recommend McAfee because it is a leader in the antivirus industry and they work hard everyday to keep your private life safe and secure. Get a discount on McAfee Total Protection today.
  2. Update your passwords – we can’t stress this enough. Use strong, unique passwords across every site. We know this is difficult which is why we have a special deal with Dashlane Password Manager for free, it’ll allow you to generate and update your passwords with one click.
  3. If there is even a chance you have a virus, run a FixMeStick scan – viruses are designed to stay on your system undetected and hide from your antivirus which is why we recommend running FixMeStick once a month to make sure your computer is clean.

2 comments

    • Keegan Anfield -

      Hey Joe! Glad to here you’re being cyber safe while travelling. Please email our support team at support@fixmestick.com with your mailing address and we’ll mail you out a replacement.

Comments are closed.