
Visitor


3 Messages

Saturday, June 17th, 2023 7:27 PM

Closed

Xfinity Assistant sent password as plain text over chat

When using Xfinity Assistant, I was asked to log in using my credentials. The automated system then sent my password back to me, without request, as plain text over the chat. The redacted text of its reply was "You WiFi name is XXXXX and your password is XXXXX. Do you want to change your WiFi password?" I closed everything, changed my password(s), and got into another chat with a live agent, this time to report this issue as a flagrant security concern. The agents (two; the issue was escalated) were helpful, but they didn't seem to think this was a big issue, because the chat is conducted over a secure platform. I take for granted that the chat platform is indeed secure (it better be!), but sending open-text passwords over chats (or texts, or emails, or...) is so fundamentally bad that I can only wonder which other major mistakes Xfinity is making in securing its - and my! - network.

Accepted Solution

Visitor


3 Messages

2 years ago

I cannot use Xfinity Assistant knowing that it may send my password as plain text over a chat. The fact that it was done without my request compounds the risk, but it is by no means the main issue. Please consult anyone with minimal security expertise; you will be told that sending passwords as plain text is a no-no. You simply cannot do it. Yes, it may be convenient to users, and yes, it will require effort and dedication on Xfinity's part to figure out an alternative, but that does not offset the consequences of having one's home network hacked. You have a faulty system, which needs to be fixed. You may be willing to take your chances on this issue and trust your platform, and should (when?) something bad happen, pay for credit reports, identity protection, and deal with the fallout, but that's a cavalier attitude when it comes to people's data which has been made insecure by such a wide open attack surface, and more so now that you have been made aware of it. As for me, I'll be fine, I just won't use Xfinity Assistant.

A final note: my interactions with everyone from Xfinity regarding this issue have been great - this is definitely not a concern about your customer service, kudos on that. The problem is with your processes and how an obvious problem can be surfaced to the right person at the company and then dealt with.

Problem Solver


785 Messages

2 years ago

@user_345ab4 Thank you for reaching out and bringing this to our attention. I can understand the frustration this has caused. The Xfinity Assistant is a secure message and the Wi-Fi name and password can be retrieved through this service in the off chance that you may have forgotten the credentials. Most of our customers have found this to be the easiest way to be able to get logged back in to the Wi-Fi network.

 
