Quantcast
Friday, December 20, 2024

Hackers Steal Private Data from 36 Million Xfinity Customers

Xfinity said it would require customers to reset their passwords, and it also recommended two-factor or multi-factor authentication to secure their accounts.

(Eli Pacheco, Headline USAHackers tapped into a critically rated security vulnerability through Comcast, granting them access to sensitive data for nearly 36 million customers of its TV and internet division, Xfinity.

The breach, confirmed on Tuesday, started in August, according to a TechCrunch report. The report referred to the vulnerability as CitrixBleed, which affects networking devices for big corporations. Citrix produced a patch to combat the hack in October, but many companies didn’t implement it in time.

Some customers might have had key data compromised, too, Comcast said. This data includes:

  • Names
  • Contact information
  • Date of birth
  • The last four digits of Social Security numbers
  • Secret questions and answers

Boeing and Commercial Bank of China have also been compromised through CitrixBleed, according to TechCrunch. The law firm Allen & Overy is also affected. 

In a notice delivered on Monday, Xfinity said it would require customers to reset their passwords, and it also recommended two-factor or multi-factor authentication to secure their accounts.

The company wouldn’t say how many Xfinity customers the breach affected, according to TechCrunch. However, Comcast’s filing with Maine’s attorney general said it compromised almost 35.8 million customers’ data.

The company’s latest earnings report put the total number of broadband customers at 32 million.

Comcast said its internal systems were compromised from Oct. 16-19 and that malicious activity was undetected until Oct. 25. Xfinity said it had determined hackers had “acquired” data by Nov. 16, including usernames and hashed passwords.

Hashed passwords are scrambled. However, some hashing algorithms can also be hacked. 

Also in the note: Comcast said its data analysis continues, leaving the possibility of more data leaks. “We will provide additional notices as appropriate,” the notice read. 

The report didn’t mention if hackers sent Xfinity a ransom demand or if Comcast filed the incident with the U.S. Securities and Exchange Commission.

The regulator’s data breach reporting rules require it, but the Comcast spokesperson wouldn’t confirm if the company had.

Copyright 2024. No part of this site may be reproduced in whole or in part in any manner other than RSS without the permission of the copyright owner. Distribution via RSS is subject to our RSS Terms of Service and is strictly enforced. To inquire about licensing our content, use the contact form at https://headlineusa.com/advertising.
- Advertisement -

TRENDING NOW

TRENDING NOW