
Comcast Reveals Hackers Stole Data of Approximately 36 Million Xfinity Customers
Critical-Rated Security Vulnerability Exploited by Hackers
Comcast has confirmed that hackers exploiting the critical-rated security vulnerability known as ‘CitrixBleed’ accessed sensitive information of almost 36 million Xfinity customers. The vulnerability, found in Citrix networking devices often used by big corporations, has been under mass exploitation by hackers since late August.
What is CitrixBleed?
CitrixBleed is a critical-rated security vulnerability that affects Citrix networking devices. It allows hackers to access sensitive information and gain control over the device’s internal systems. The vulnerability was identified in late August, but many organizations failed to patch it in time, leaving their systems exposed to potential threats.
Xfinity Becomes the Latest Victim
Xfinity, Comcast’s cable television and internet division, became the latest CitrixBleed victim, confirming the breach in a notice to customers on Monday. The company stated that hackers exploiting the vulnerability had access to its internal systems between October 16 and October 19, but it did not detect the ‘malicious activity’ until October 25.
Details of the Breach
- Hackers accessed Xfinity’s internal systems between October 16 and October 19.
- The company detected the malicious activity on October 25.
- By November 16, Xfinity determined that ‘information was likely acquired’ by the hackers.
- In December, the company concluded that the acquired information contained customer data, including usernames and ‘hashed’ passwords.
What Data Was Exposed?
For an unspecified number of customers, hackers may have accessed:
- Names
- Contact information
- Dates of birth
- The last four digits of Social Security numbers
- Secret questions and answers
Comcast’s Response
Comcast is requiring that customers reset their passwords and recommends the use of two-factor or multi-factor authentication — which the company doesn’t require by default — for all customer accounts. However, it’s unclear how many Xfinity customers have been impacted, as Comcast spokesperson Joel Shadle declined to say when asked.
SEC Reporting Requirements
The incident has sparked concerns about whether Xfinity received a ransom demand and how the breach may impact the company’s operations. The U.S. Securities and Exchange Commission (SEC) requires companies to report data breaches within 48 hours of discovery, but it’s unclear if Comcast will file with the regulator.
Expert Insights
Why is Two-Factor Authentication So Important?
Two-factor authentication (2FA) adds an extra layer of security by requiring a user to provide two different forms of verification before accessing an account: something the user knows (like a password) and something the user has (like a code sent via SMS).
How Can I Protect Myself from Data Breaches?
To protect yourself from data breaches:
- Use strong, unique passwords for each account
- Enable two-factor or multi-factor authentication whenever possible
- Run a reputable antivirus program to detect and prevent malware infections
- Regularly update your operating system and software to ensure you have the latest security patches
Take Action Now
If you’re an Xfinity customer, take the following steps to protect your account:
- Change Your Password: Immediately reset your password and use a strong, unique one.
- Enable Two-Factor Authentication: If possible, enable two-factor or multi-factor authentication for an extra layer of security.
- Monitor Your Account Activity: Regularly check your account activity to ensure no unauthorized access has occurred.
By taking these steps, you can help safeguard your Xfinity account and protect yourself from potential data breaches.
Stay informed about the latest cybersecurity news and trends by following TechCrunch’s Security section.