Xfinity Forum Archive...
This is an archived section of the community.
Content in this area has been identified as outdated or irrelevant.
This change was done in an effort to make the forum easier to use and to keep only the most helpful and recent content active.
Post your questions in the Xfinity Community
The scenario is this, you have a Comcast account for years (in my case, since 2002), starting around the end of 2017 (in my case October 2017), you start noticing that while you can log in to your account, it's now associated with another address. You call Comcast, provide all the details needed... you inform them you have multiple services with Comcast (my case internet/mobile service) but could have had other services (in past had the full package including home service). That you now have access to someone else's address, their phone number, their devices. They disable your login for 72 hours while they investigate the ownership of the account (which a few years ago was a snap, it only took 2 minutes using CADM, their username manager). After 72 hours, your username (along with any secondaries) are back on your account, you have a ticket documenting this had happened, what the results of the investigation were, and given a ticket number, sent on your way with a promise that it should NEVER happen again, but if it does, it should be real easy for them to prove it's yours.
My case goes on, November, it happens again, repeat ALL the same steps above, given the same promises. December it happens not once, but twice! And now in June, it happens a fifth time. Something that hadn't happened in 16 years, happened 5 times in under 8 months.
Now the reason I am asking is that I suspect that there has been a simple line of code removed from the new/existing username setup process for new accounts. That when you get to the setup, you type a username, and if that username is in use, it's SUPPOSED to kick back an error (it had in the past) but now no longer gives you an error, a simple username can be moved. An agent actually told me that it has to do with installers just typing the username in as if it's a new username, and it just transfers. So any common username can be transferred without any check, any password, any user verification... So names like Harry, Sam, John, Jon, James, Larry, Stan, Jessica, Jane, etc., etc., are being moved and their owners are either not dealing with the hassle of trying to get them back or being massively inconvenienced by this. (But it can also happen to uncommon usernames too, it would just be more noticeable with common ones as it would happen multiple times.)
But, it doesn't stop there, if the original (and PROPER) owner of this username has access to this account, they have access to the box information, address information, phone number, etc. And this then becomes a headache and inconvenience for those with modems or digital boxes (that can be reset or reprogrammed remotely), but it because a security risk for those with the Comcast HOME security service, because now that person has access to cameras, to locks, to the security system.
I have been trying to make Comcast aware of the problem to fix the broken code to prevent it from happening. This is likely not only a potential identity theft issue, but also a liability issue for those with services like the Home service.
If you know someone who has had their username transferred, or are one of the victims of this, you should reply with a simple statement of that. Comcast won't fix this unless they see the problem, it's a cost/benefit analysis to them. I don't think anyone being at risk because re-adding a few lines of code (or re-evaluating their code), costs money should be an issue for a company that used their profits to build three skyscrapers in Philadelphia in order to get into the real-estate market.