Xfinity Hack May Have Compromised Millions Of Customers


The October cybersecurity breach at Xfinity exposed the personal data of nearly all of the Comcast-owned internet provider’s customers, including usernames, passwords, and security question answers, CBS News reported.

In a December 18 filing with the Maine Attorney General’s Office, Comcast said 35.8 million customers were affected by the breach, which occurred between October 16 and 19. Customers were notified of the attack via email and on the Xfinity website, Comcast said.

The breach was due to a vulnerability, known as “Citrix Bleed,” in software from the cloud computing company Citrix. While Citrix patched the vulnerability in October, Xfinity discovered that its internal systems were accessed by unauthorized users between October 16 and 19, exposing customer data, including the names, contact details, account usernames, passwords, parts of Social Security numbers, birthdates, and answers to security questions for some customers.

Citrix provides cloud computing software to thousands of companies worldwide. The vulnerability affecting Xfinity’s internal systems has also been linked to hacks targeting other Citrix customers, including a subsidiary of Boeing and the New York arm of the Industrial and Commercial Bank of China.

Under new rules that took effect on December 18, the Securities and Exchange Commission requires public companies to disclose, within four days, all cyber breaches that could affect their financial results.

All Xfinity customers, whether or not their accounts were breached, will be required to reset their usernames and passwords, according to Comcast.

Xfinity is also urging subscribers to set up two-factor authentication to further secure their account information.

While the company advises its customers not to reuse usernames and passwords from other accounts, it recommends that any customers who used their Xfinity username, password, and/or security questions on other accounts change all of them as well.