Nearly 200,000 customers in the United States, who thought they were paying Comcast Xfinity to keep their information safely out of the public eye, have had their details exposed on the company’s online directory.
Customers pay Comcast each month to keep their personal details names, phone numbers, and addresses out of public databases. The reason they do this is not just because they are privacy-conscious, but also because they might be concerned about their personal safety.
So you can well understand why they might feel aggrieved to discover that the company seems to have ignored their instructions, and made supposedly “unlisted” contact details available for anyone to access on ecolisting.com – a site it lauded as a eco-friendly replacement to old-fashioned paper telephone directories.
If you visit the ecolisting.com website today you’ll be greeted by the following message:
Effective March 5th, directory listings will no longer be a feature of Xfinity Voice service.
This means we will no longer make available any directory listing information about our Xfinity Voice customers through ecolisting.com, directory assistance, or print publications. This includes names, phone numbers, and addresses. We also will not share any of this information with third-party publishers.
We’re making this change as part of our ongoing commitment to enhance customer privacy.
Comcast said on Friday 5 February that it removed the sensitive information as soon as it realised its mistake, and that the contact details had been online for less than a month.
Affected customers have been given a $100 credit from Comcast Xfinity for their trouble, but as some have pointed out – that’s not actually fixing the issue.
This isn’t the first time Comcast has clumsily leaked its customers’ contact details. In 2015, for instance, the company was fined $33 million for carelessly publishing the names, phone numbers, and addresses of around 75,000 users in its online directory.
Huh! Doesn’t that sound familiar?
Almost half a million dollars ended up being awarded to law enforcement officers, judges, and domestic abuse victikms who said that their safety had been put at risk due to the data leak.
By the way, Comcast. You might want to get an SSL certificate for ecolisting.com as it’s currently only using HTTP.
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.