Xfinity notifies customers of data breach due to “software vulnerability”
01/03/2024 / By Zoey Sky
Xfinity, the Comcast-owned telecommunications business, announced in December that hackers accessed customers’ personal information by exploiting a vulnerability in software used by the company.
In a notice to customers, Xfinity announced that there was unauthorized access to internal systems because of this vulnerability between Oct. 16 and 19, 2023.
The alleged software vulnerability was previously announced by software provider Citrix.
Xfinity discovered the “suspicious activity on Oct. 25 and in the succeeding months concluded that the hackers “likely acquired” data.
On Dec. 6, Xfinity said the accessed information included customer usernames and hashed passwords. The hackers also acquired data such as the last four digits of Social Security numbers, account security questions, birthdates and contact information of some customers.
An investigation on the breach is still ongoing, but in a statement, Xfinity claimed that it is “not aware of any customer data being leaked anywhere, nor of any attacks on our customers.”
Xfinity also advised customers to reset their passwords and strongly recommended two-factor or multifactor authentication to boost account security.
A filing with Maine’s office of the Attorney General revealed that at least 35.9 million people were affected by the breach. The company declined to confirm a specific number, but it said that the filing’s figure represents user IDs.
According to a recent earnings release, Philadelphia-based Comcast has more than 32 million broadband customers.
Aside from Xfinity, Citrix provides software to thousands of companies around the world. The vulnerability, named “Citrix Bleed,” has also been associated with other hacks targeting the Industrial and Commercial Bank of China’s New York arm and a Boeing subsidiary, among others.
Under new rules, the Securities Exchange Commission (SEC) now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines at least within four days of determining a breach is material.
As of Dec. 19, there were no SEC filings from Comcast about the data breach and the company did not immediately address it. (Related: Apple releases emergency software update after Pegasus spyware breach.)
Internet safety tips
As technology advances and hackers become more determined, data breaches have become more common. Follow the internet safety tips below to help improve your account security and protect your account information:
Use unique passwords for all accounts
Hackers often have a great success rate even if they only steal a batch of username and password combinations from one source because they can then steal information by trying those same combinations on other accounts.
For example, hackers can get your username and password by hacking an email provider. They will then try to log into banking sites or major online stores using the same username and password combination.
The best way to prevent one data breach from having a catastrophic domino effect is to always use a strong and unique password for all your online accounts.
Turn on multi-factor authentication
Multi-factor authentication adds one more step to account log-ins, but it can help make your accounts more secure. Multi-factor authentication means you need to pass another layer of authentication, not just a username and password, to access your accounts.
If the data or personal information in your account is sensitive or valuable, and the account offers multi-factor authentication, it’s best to enable it. Online services like Gmail and Dropbox offer multi-factor authentication.
Multi-factor authentication verifies your identity using at least two out of three different forms of authentication:
- Something you know is your password.
- Something you are could mean authentication using your fingerprint, or through facial recognition.
- Something you have could be your smartphone. Alternatively, you might be asked to enter a code sent via text or tap a confirmation button on a mobile app. It could also be a physical Security Key; both Google and Microsoft have announced the move push toward this kind of authentication.
Visit CyberWar.news for similar stories about hacking and cyber attacks.
Watch the video below discussing the truth about the New Zealand vaccine data breach.
This video is from the Tammy Cuthbert Garcia channel on Brighteon.com.
More related stories:
Google allows users to have their explicit photos removed from search results.
Pizza Hut Australia HACKED! Data security breach exposes customers’ personal information.
Hunter Biden sues IRS whistleblowers for BREACH OF PRIVACY over tax probe.
Sources include:
Submit a correction >>
Tagged Under:
big government, Citrix, comcast, computing, cyber security, cyber war, dangerous, data breach, data privacy, Glitch, hackers, hacking, information technology, national security, privacy watch, terrorism, tips, Xfinity
This article may contain statements that reflect the opinion of the author
RECENT NEWS & ARTICLES
