Quantcast

Hackers Steal Private Data from 36 Million Xfinity Customers

By Headline USA (Syndication)
FILE - Signage for Xfinity, the cable division of Comcast, is displayed in Philadelphia, July 15, 2015. Hackers accessed Xfinity customers’ personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week. In a Monday, Dec. 18, 2023, notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19. (AP Photo/Matt Rourke, File)

(Eli Pacheco, Headline USAHackers tapped into a critically rated security vulnerability through Comcast, granting them access to sensitive data for nearly 36 million customers of its TV and internet division, Xfinity.

The breach, confirmed on Tuesday, started in August, according to a TechCrunch report. The report referred to the vulnerability as CitrixBleed, which affects networking devices for big corporations. Citrix produced a patch to combat the hack in October, but many companies didn’t implement it in time.

Some customers might have had key data compromised, too, Comcast said. This data includes:

  • Names
  • Contact information
  • Date of birth
  • The last four digits of Social Security numbers
  • Secret questions and answers

Boeing and Commercial Bank of China have also been compromised through CitrixBleed, according to TechCrunch. The law firm Allen & Overy is also affected. 

In a notice delivered on Monday, Xfinity said it would require customers to reset their passwords, and it also recommended two-factor or multi-factor authentication to secure their accounts.

The company wouldn’t say how many Xfinity customers the breach affected, according to TechCrunch. However, Comcast’s filing with Maine’s attorney general said it compromised almost 35.8 million customers’ data.

The company’s latest earnings report put the total number of broadband customers at 32 million.

Comcast said its internal systems were compromised from Oct. 16-19 and that malicious activity was undetected until Oct. 25. Xfinity said it had determined hackers had “acquired” data by Nov. 16, including usernames and hashed passwords.

Hashed passwords are scrambled. However, some hashing algorithms can also be hacked. 

Also in the note: Comcast said its data analysis continues, leaving the possibility of more data leaks. “We will provide additional notices as appropriate,” the notice read. 

The report didn’t mention if hackers sent Xfinity a ransom demand or if Comcast filed the incident with the U.S. Securities and Exchange Commission.

The regulator’s data breach reporting rules require it, but the Comcast spokesperson wouldn’t confirm if the company had.

Click Here To Comment
Previous articleApple Pulls Watches w/ Blood Oxygen Feature Due to Patent Dispute
Next articleMeta’s Censorship of 2 Israel-Hamas Videos Reversed by Oversight Board

TRENDING NOW

The information presented here is for general educational purposes only. You should always consult with your personal physician regarding any personal health problem, and you should always consult with your financial adviser regarding investment decisions. FDA DISCLOSURE: The statements, articles, and products featured in Headline Wealth emails and at HeadlineWealth.com have not been evaluated by the Food and Drug Administration. No information or products appearing in emails or the website are intended to diagnose, treat, cure, or prevent any disease. MATERIAL CONNECTION DISCLOSURE: Headline Wealth may have an affiliate relationship and/or another material connection to any persons or businesses mentioned in or linked to from emails or the website and may receive commissions from purchases you make on subsequent web sites. You should not rely solely on information published by Headline Wealth to evaluate the product or service being offered. Always exercise your own due diligence before purchasing any product or service.

Copyright 2023. No part of this site, HeadlineWealth.com, may be reproduced in whole or in part in any manner without the permission of the copyright owner. To inquire about licensing content, use the contact form located HERE .