Comcast Xfinity Published Private Client Contact Details by Mistake

Last updated June 29, 2021
Written by:
Bill Toulas
Bill Toulas
Cybersecurity Journalist

Approximately 200000 subscribers of the Comcast Xfinity service who were paying an additional amount to have their contact details kept private were eventually exposed by the telecommunications provider. The particular category of customers is based in the United States and has serious reasons to remain unlisted. Some fear for their personal safety, others are celebrities, others are working in law enforcement, and some just value their privacy more than the average American. So, the blunder from Comcast’s side introduces a severe risk for many of these individuals, and cannot be retracted or compensated.

What Comcast did was to publish the contact details of these customers on “ecolisting.com”. This website is an online phone number catalog that aims to offer an eco-friendly alternative to paper telephone directories. Until someone discovered this catastrophic error and fixed it, almost a full month had passed. This means that 200 thousand people who were paying an additional amount of $3.5 to $5.5 per month to keep their contact details undisclosed to the public had their details published. The worst part is that many of them never realized this exposure, so they didn’t have the time or opportunity to take protective measures.

ecolisting

Source: Ecolisting.com

As bad as all of this sounds, it has happened again, and Comcast hasn’t learned their lesson as it seems. In 2015, Comcast released unlisted customer contact details by mistake, exposing 75000 law enforcement officers, judges, domestic abuse victims, and many high-risk individuals in general. Back then, the telecom provider paid $432000 in compensations, and reportedly, they are doing something similar to ease down the aggravation of the exposed customers. Thus, they are refunding the monthly fees that went to keeping the data private and also handing out a credit of $100 to the exposed.

exposed_individual

Source: forums.xfinity.com

The company said that the mistake affected only 2% of their residential phone customers, but this isn’t making the case any less compromising for the affected subscribers. As there’s no way to determine if the exposed data has been picked up by malicious actors who are planning to publish it elsewhere or sell it, the subscribers should now change their contact details immediately. In some cases, the addresses were exposed along with the names and phone numbers, so the problem isn’t very easy to fix for everyone. Some are already reporting that their information is everywhere now and that they have found multiple sites that have their contact details up. It certainly looks like a class action lawsuit is on the way for Comcast.



For a better user experience we recommend using a more modern browser. We support the latest version of the following browsers: For a better user experience we recommend using the latest version of the following browsers: