According to recent news, the Comcast Xfinity data breach has affected 35 million people, and the bad actors have stolen important information. Here is everything you need to know about it!
Recently, Comcast’s Xfinity service shared some concerning news about a big data breach affecting a whopping 35 million users. This breach happened because hackers took advantage of a weak point in one of Xfinity’s servers called Citrix. The unauthorized activity occurred between October 16 and October 19, and Xfinity noticed it on October 25. The hackers exploited a problem known as Citrix Bleed, which had been causing issues since August 2023.
“Citrix” is the key name behind the Comcast Xfinity data breach
Cybersecurity experts found out that the Citrix problem had been causing trouble since August 2023. Xfinity only spotted the issue on October 25, two weeks after Citrix fixed the problem. The investigation showed that the hackers took data between October 16 and October 19. By November 16, Xfinity confirmed that customer information, like usernames and passwords, got into the wrong hands. The public learned about the Comcast Xfinity data breach on December 6, 2023.
Xfinity’s examination revealed that the stolen customer information includes usernames and passwords that were scrambled for security. For some users, more personal data might be at risk, like names, contact details, the last four digits of social security numbers, birth dates, and secret questions and answers. Even though they’re still looking into it, Xfinity is playing it safe and asking users to change their passwords to protect their accounts.
Okta data breach leaks information of employees
Despite Xfinity trying to make things safer, some users got messages to change their passwords without a clear explanation. To clear things up, Xfinity said, “To protect your account, we have proactively asked you to reset your password. The next time you log in to your Xfinity account, you will be prompted to change your password if you haven’t been asked to do so already.”
According to Bleeping Computer, Xfinity didn’t left people in limbo and made an announcement via a company spokesperson. Here is what the company said about the matter:
We are providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a software provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.
In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.
Previous security incidents
This isn’t the first time Xfinity users have faced security issues. About a year ago, there were problems with accounts getting hacked using a method called credential stuffing. This allowed hackers to reset passwords for other services, like cryptocurrency exchanges Coinbase and Gemini.
Google One data breach checker: Dark web report explained
As Xfinity deals with this data breach fallout, users are reminded to stay alert and follow the safety steps recommended. Xfinity is working hard to figure out if any more information got compromised. While they sort things out, Xfinity wants users to know they are committed to keeping everyone informed and secure during these challenges in online security.
Featured image credit: Fili Santillán/Unsplash
