Hackers now have access to almost every customer’s personal information thanks to a data breach at Xfinity. This Comcast data breach impacts almost 36 million users.
Comcast, which owns Xfinity, informed consumers on Monday that there was “unauthorized access to its internal systems” due to a software flaw in Citrix, a cloud computing provider that Xfinity uses.
Xfinity stated that it started informing consumers about the data breach on Monday via several platforms, such as the news media, email, and Xfinity website.
The business claimed that between October 16 and 19, unauthorized users gained access to its internal systems, and on October 25, during a regular cybersecurity exercise, they found the “suspicious activity”.
Federal law enforcement was notified by Xfinity, which also claims to have launched an investigation “into the nature and scope of the incident.” The business claimed to have concluded on November 16 that the information was probably obtained.
“While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question,” the business stated in a note to its clients.
Millions are affected by the Comcast data breach; Xfinity claims hackers stole personal data
According to Comcast, hackers gained access to nearly 36 million of their customer’s data through a data breach.
Xfinity claimed that the breach was brought about by a flaw in their Citrix software system.
First and foremost, according to a cyber security expert, Xfinity customers should change their account usernames and passwords immediately.
He claimed that even though your information may not have been compromised, it is still not as secure as it was before this hack.
Xfinity reported that after Citrix, the software provider they use, released a “patch,” or a set of modifications to a computer programming system that fixes bugs, hackers were able to access the personal information of millions of customers. Citrix was left open to hackers gaining unauthorized access because of that patch.
The suspicious activity was detected by the company in October. However, Xfinity didn’t learn that personal data, including security question answers and the final four digits of some customers’ social security numbers, had been stolen until December.
All of the company’s clients are now required to enable multifactor authentication and reset their account passwords and user names. However, they stated that they are not currently aware of any significant breaches or assaults on clients.
“Just turning it on will fix 99.2% of all phishing attempts to steal your credentials. Therefore, enable MFA if a service has it. MFA is available through Xfinity. Activate it. and make use of it,” stated Pulsar Security’s CTO, Duane Laflotte. “I understand it’s not fun to type in that code, but it will help you be more secure and it’s super simple to do.”
Laflotte stated that there are several ways for hackers to steal identities.
“Credential stuffing is I’ll use passwords that I find from a breach at Xfinity and use them against Bank of America, Home Depot, wherever,” Laflotte explained. “That’s one type of attack we’ll see.”
On the dark web, the hackers also sell items like bank login credentials.
Because of this, experts advise monitoring your bank account information and credit score—especially if you use the same passwords for several accounts.
In a statement, Comcast said that it has security measures in place to identify illegal activity such as this hack.
“We remain committed to investing in technology, protocols and experts dedicated to helping protect our customers,” Xfinity stated in a statement.
Xfinity announced that it had started looking into the security breach. Now, Citrix is being sued in a class action capacity.
According to Laflotte, breaches can occur anywhere. “Yes, Xfinity is here to assist with this. However, it is also your responsibility as a user of any online service to ensure that you are abiding by the guidelines of cyber hygiene, according to Laflotte. “Protect yourself.”