08-09-2018, 01:15 PM
if you search the forum back in 2012 or so, I posted that I discovered a serious security flaw at a major corporation. yes, it was Comcast.
What happened: my modem was crapping out, so I went to target and got a NEW modem. When I opened it at home, I suspected something wasn't quite right. I think ethernet cable was missing, and some of the cable twisty ties look like they were reused. Anyway, as my old modem was not working, I plugged this new modem in and I was expecting having to call Comcast to activate... no, it just worked. I logged into my comcast account, then a few hours later when I tried to log in again I was in fact in someone else's comcast account. I could see their bills, emails, etc. I looked up their name, it was a person living in the next town over.
I guess they used that modem, didn't like it and returned it to target. Target resold it as new. Comcast still had the modem activated ("provisioned") and they used that MAC address to log into the owner account somehow. I guess once you logged in, then on the next log in they used the MAC address instead of cookies in your browser. So I ended up in that person's account.
here is the original story.
http://forums.macresource.com/read.php?1,1403595
What happened: my modem was crapping out, so I went to target and got a NEW modem. When I opened it at home, I suspected something wasn't quite right. I think ethernet cable was missing, and some of the cable twisty ties look like they were reused. Anyway, as my old modem was not working, I plugged this new modem in and I was expecting having to call Comcast to activate... no, it just worked. I logged into my comcast account, then a few hours later when I tried to log in again I was in fact in someone else's comcast account. I could see their bills, emails, etc. I looked up their name, it was a person living in the next town over.
I guess they used that modem, didn't like it and returned it to target. Target resold it as new. Comcast still had the modem activated ("provisioned") and they used that MAC address to log into the owner account somehow. I guess once you logged in, then on the next log in they used the MAC address instead of cookies in your browser. So I ended up in that person's account.
here is the original story.
http://forums.macresource.com/read.php?1,1403595