Internet users in 9 million homes were wide open to hackers for nearly a month thanks to one major Internet provider's huge security flaw. Through this security hole, hackers could have taken over the users' computers, accounts, email, voice mail and even their cable TV service.
The dangerous vulnerability came to light last week with a tip from a former hacker. It turns out that one major Internet provider, Verizon, was depending upon a user's unique IP address to confirm their customers identification. Just one problem, an IP address can be easily faked.
By the way, an IP address, or Internet Protocol address, is that number of up to 12-digits that identifies every computer, smartphone, printer and everything else attached to the Internet. In this case, when Verizon received communication from an IP address that it assigned to home users, it used the IP as confirmation that it was talking to the owner of that account.
Once communication, like an online customer support chat, was started with a Verizon IP address, account settings like passwords could be changed or services ordered or canceled. With a new email password, a hacker could easily comb through a user's email looking for other account confirmations, bank statements, health records, social security numbers or anything else.
As if this security flaw wasn't scary enough, faking an IP address is actually really easy. Nearly anyone could pull off this hack with no special skills.