The most recent major Comcast breach occurred on October 16, 2023 and affected users of their Xfinity broadband and entertainment platform. Here’s a summary of the key details:
What happened:
- Hackers exploited a vulnerability in Citrix software used by Comcast for remote network access.
- Unauthorized access to internal systems occurred between October 16 and 19, 2023.
- The breach potentially impacted 35.8 million Xfinity customer accounts.
What information was exposed:
- Usernames and hashed passwords.
- For some customers, additional information like:
- Names
- Contact information
- Birth dates
- Last four digits of Social Security numbers
- Secret questions and answers
What Comcast did:
- Discovered the suspicious activity on October 25, 2023 and notified law enforcement.
- Began notifying affected customers on December 6, 2023, through various channels.
- Patched the Citrix vulnerability in mid-October.
- Offered credit monitoring and identity theft protection services to affected customers.
What you can do:
- Change your Xfinity password immediately.
- Be cautious of phishing emails or calls claiming to be from Comcast regarding the breach.
- Monitor your credit reports for any suspicious activity.
- Consider using a password manager to create strong and unique passwords for all your accounts.
Further resources:
- Comcast’s press release: https://www.wsj.com/tech/cybersecurity/comcast-says-data-of-36-million-accounts-was-compromised-in-breach-1af59984
- Kiplinger article: https://www.youtube.com/watch?v=cKTdizLlm20
- Cybersecurity Dive article: https://www.thestreet.com/technology/comcast-xfinity-data-breach-two-factor-auth-help-bypass
I hope this information is helpful! Please let me know if you have any further questions.
Leave a Reply