Comcast’s Xfinity website had a bug that leaked Wi-Fi passwords
https://www.theverge.com/2018/5/22/17381046/comcast-xfinity-website-bug-leaked-wi-fi-passwords
The Comcast website that activates Xfinity routers has a bug that exposes customers’ personal information. As reported by ZDNet, the page for setting up home Wi-Fi and cable services can display the home address of where the router is located and give away the Wi-Fi password. Comcast learned about the bug and fixed its site shortly after the report, and it said it’s conducting an investigation.
The bug was first spotted by two security researchers who told ZDNet their findings. The website initially requests the user’s full home address in order to verify your account and register their device. But researchers found they could sidestep that requirement with a customer ID along with an apartment or house number, prompting the website to reveal the full address and Wi-Fi password.