A security hole in a Comcast service-activation website allowed anyone to obtain a customer’s Wi-Fi network name and password by entering the customer’s account number and a partial street address, ZDNet reported yesterday.
The problem would have let attackers “rename Wi-Fi network names and passwords, temporarily locking users out” of their home networks, ZDNet wrote. Obviously, an attacker could also use a Wi-Fi network name and password to log into an unsuspecting Comcast customer’s home network.
Shortly after ZDNet’s story was published, Comcast disabled the website feature that was leaking Wi-Fi passwords. “Within hours of learning of this issue, we shut it down,” Comcast told ZDNet and Ars. “We are conducting a thorough investigation and will take all necessary steps to ensure that this doesn’t happen again.”