Comcast website bug leaks Xfinity customer data

Only a customer account ID and that customer’s house or apartment number is needed — even though the web form asks for a full address. That information could be grabbed from a discarded bill or obtained from an email. In any case, a determined attacker could simply guess the house or apartment number. – Zack Whittaker, ZDnet https://ift.tt/2ICpv5y