Xfinity, a subsidiary of Comcast, has informed authorities of a data breach, which may have led to the theft of customers' usernames and hashed passwords. The attackers may also have obtained other personal information, such as names, contact information, the last four digits of social security numbers, dates of birth, and secret questions and answers.
Xfinity stated that it is still analysing the attack and has informed law enforcement about the incident. In a filing with the attorney general's office in Maine, Comcast revealed that the breach has affected 35.8 million people. As of the end of September, Comcast had 32.3 million broadband customers, indicating that the vast majority of Xfinity customers may have been compromised.
Citrix, a company that makes software used by Xfinity, found a problem on October 10th. Xfinity promptly acted and fixed the problem. However, two days later, during a routine check, Xfinity spotted suspicious activity in its systems. It found that someone had got into its network without permission between October 16th and 19th.
Xfinity is notifying its customers about the security incident using its website, email, and other communication channels. It is advising all customers to change their passwords and to avoid using the same password on multiple accounts. Additionally, Xfinity recommends that customers enable two-factor or multi-factor authentication to enhance their account security further. It also suggests that customers who use the same login credentials on other accounts change their passwords on those accounts as well.
This is not the first security incident that Xfinity has had to face. In 2018, it was disclosed that there was a bug in a Comcast website used to activate Xfinity routers. The issue led to some customers' home addresses being exposed, along with the names and passwords for their Wi-Fi networks.