Zack Whittaker reports:
A little-known page on Comcast’s Xfinity website was exposing customers’ account information to anyone — or any app — on a customer’s network.
An anonymous security researcher dropped ZDNet an email, explaining that an API used by the internet giant could be tricked into returning customer data, including account numbers, a customer’s home address (which can be used to pinpoint a person’s location), account type, and any services enabled on the line, including if a home security setup is active.
Read more on ZDNet.