October 3, 2024
Hackers Steal Private Data from 36 Million Xfinity Customers

Hackers Steal Private Data from 36 Million Xfinity Customers

(Eli Pacheco, Headline USA) Hackers tapped into a critically rated security vulnerability through Comcast, granting them access to sensitive data for nearly 36 million customers of its TV and internet division, Xfinity.

The breach, confirmed on Tuesday, started in August, according to a TechCrunch report. The report referred to the vulnerability as CitrixBleed, which affects networking devices for big corporations. Citrix produced a patch to combat the hack in October, but many companies didn’t implement it in time.

Some customers might have had key data compromised, too, Comcast said. This data includes:

  • Names
  • Contact information
  • Date of birth
  • The last four digits of Social Security numbers
  • Secret questions and answers

Boeing and Commercial Bank of China have also been compromised through CitrixBleed, according to TechCrunch. The law firm Allen & Overy is also affected. 

In a notice delivered on Monday, Xfinity said it would require customers to reset their passwords, and it also recommended two-factor or multi-factor authentication to secure their accounts.

The company wouldn’t say how many Xfinity customers the breach affected, according to TechCrunch. However, Comcast’s filing with Maine’s attorney general said it compromised almost 35.8 million customers’ data.

The company’s latest earnings report put the total number of broadband customers at 32 million.

Comcast said its internal systems were compromised from Oct. 16-19 and that malicious activity was undetected until Oct. 25. Xfinity said it had determined hackers had “acquired” data by Nov. 16, including usernames and hashed passwords.

Hashed passwords are scrambled. However, some hashing algorithms can also be hacked. 

Also in the note: Comcast said its data analysis continues, leaving the possibility of more data leaks. “We will provide additional notices as appropriate,” the notice read. 

The report didn’t mention if hackers sent Xfinity a ransom demand or if Comcast filed the incident with the U.S. Securities and Exchange Commission.

The regulator’s data breach reporting rules require it, but the Comcast spokesperson wouldn’t confirm if the company had.

Source

Leave a Reply

Your email address will not be published. Required fields are marked *