Comcast Xfinity data breach affects more than 35 million people

Comcast is notifying Xfinity customers of a “data security incident” that it says resulted in the theft of customer information, including usernames, passwords, contact information, partial Social Security numbers and more. in Monday noticeXfinity said “there was unauthorized access” to its systems from October 16 to October 19, 2023.

BleepingComputer linked This Notice of Infringement Posted in Maine, which shows the total number of people affected by the breach is 35,879,455, including more than 50,000 people in Maine.

Xfinity traces the breach to a vulnerability disclosed by cloud computing company Citrix, which began alerting customers about a flaw in software used by Xfinity and other companies on October 10. While Xfinity now says it has fixed the vulnerability, it later disclosed suspicious activity on its internal systems “which was determined to be a result of this vulnerability.”

Report from BleepingComputer It also notes that Citrix has issued a notice of the vulnerability (now known as “Citrix Bleed”). About two weeks ago, on October 10, and asked customers to make the patch as soon as possible, although it did not observe active exploitation of the flaw. However, by October 18, Mandiant’s security researchers had succeeded mentioned It was under “active” exploitation, and on October 23, Citrix blog post She said she was aware of the targeted attacks.

The hack led to the theft of customers’ usernames and hashed passwords, According to Xfinity notice. At the same time, some Clients’ names, contact information, last four digits of their Social Security numbers, dates of birth, and/or confidential questions and answers may have been disclosed. Xfinity reported the incident to federal law enforcement and said “data analysis is ongoing.”

Xfinity will automatically require customers to change their passwords the next time they log in to their accounts, and it is also encouraging users to turn on two-factor authentication.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” Xfinity spokesman Joel Schadel said in an emailed statement. the edge. “We take the responsibility of protecting our customers very seriously and are monitored 24/7 by our cybersecurity team.”

You can find the full notice, including contact information for the company’s incident response team, On the Xfinity website.

Updated December 18, 6:37 PM ET: Added statement from Xfinity.

Updated December 19, 9:26 a.m. ET: Added the number of people affected by the hack and additional details about the “Citrix Bleed” vulnerability.

Disclosure: Comcast is an investor in Vox Media. the edgemain company.