Posted on 12/21/2023 8:30:56 PM PST by Libloather
Dec. 20 (UPI) -- Xfinity is notifying its customers that a hacker data breach got access to the personal information of 36 million customers, nearly all of Xfinity's customers.
The data included passwords, user names and security-question answers.
An Xfinity notice to customers this week said that the hack was due to a vulnerability in Citrix software that was patched. Subsequently, Xfinity discovered that hackers had nonetheless gained access to customers' personal data.
"After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers," the Xfinity notice said.
The company said that the data analysis is continuing. The hack was found during a routine cybersecurity exercise, according to Xfinity.
Cloud computing company Citrix had announced a vulnerability in its software Oct. 10 and issued mitigation guidance Oct. 23.
On Oct. 25, Xfinity said, it discovered "suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability."
Xfinity required users to reset their passwords and strongly recommended its customers enable two-factor authorization to secure accounts.
(Excerpt) Read more at msn.com ...
We have an xfinity account, and heard this today. Unhappy.
Comcast — go figure
This happened in October and they’re just now notifying people? A bit late.
I wonder if they’ll bother notifying me. My bill just came in the other day and the only thing they notified me about was the increase in my bill starting next month. *spit*
So do I have Xfinity, but have not heard from Xfinity about it...
As of this posting...
Guess I’d better get another password-sentence ready...
I went online to Xfinity tonight to explore options after they notified me of a 25% rate increase. They made me change my password to get on my account. No notice from them about the data compromise in the bill, just a warning of the huge rate change. Once I got into my account they had a link to explanations of the data breach.
all an attacker has to do is hack your phone, steal it, download your info from a hacker site. login and enable two-factor authorization against you the owner. trust me, you’ll never get your account back from say fb without undergoing even more risk to your identity, etc.
stupidest idea ever. but yet the clueless are all gung ho. let’s give fb etc. all our phone data too. at least with a password that can’t be changed without an original email, you’ve got a chance, to get your account back.
My password is still good.
The wife and
I had to both change our passwords to get into our accounts. A pita, but it’s better than the alternative…
Signed in to pay bill and said had to change my password. Thought it was odd but now I know why. I didn’t receive any notification of hacking.
Same
Great, now I gotta change my password, again!
I didn’t either and they pushed the two step sign in. It is a pain in the ass but I suppose it may be necessary.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.