Comcast Discloses Hackers May Have Stolen Data on 35.9 Million Xfinity Customers
19.12.2023 - 14:29
/ variety.com
Todd Spangler NY Digital Editor Comcast, the largest cable operator in the U.S., said personal data for approximately 35.9 million customers of its Xfinity services may have been illegally accessed by hackers in a security breach that occurred in October. On Monday, Comcast began notifying customers of the hack.
The cable giant disclosed in a filing with the Maine attorney general that the breach affected as many as 35,879,455 customers. According to Comcast’s notice to customers, on Oct.
10, 2023, one of Xfinity’s software providers, cloud-computing provider Citrix, announced a vulnerability in one of its products used by Xfinity (among other companies). Comcast said it “promptly patched and mitigated our systems” but subsequently discovered that between Oct.
16-19, 2023, there “was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability.” On Dec. 6, Comcast said, it “concluded that the information included usernames and hashed passwords.” For some Xfinity customers, other information was compromised, including names, contact information, the last four digits of Social Security numbers, dates of birth and/or secret questions and answers.
Comcast said “our data analysis is continuing, and we will provide additional notices as appropriate.” The cable operator is proactively asking customers to reset their passwords and said it “strongly encourage[s] you to enroll in two-factor or multifactor authentication.” “The next time you login to your Xfinity account, you will be prompted to change your password, if you haven’t been asked to do so already,” the company said. “While we advise customers not to re-use passwords across multiple accounts, if you do use the same
.