Xfinity Reveals Massive Data Breach: 35 Million People’s Information Compromised
Xfinity has disclosed a data breach impacting over 3.5 million users. The breach was caused by a misconfigured server exposing sensitive information, including usernames, addresses, and contact details. Affected customers are being offered free credit monitoring and identity theft protection services.
Imagine waking up one day to find out that your personal information has been compromised due to a security breach. That’s exactly what happened to millions of Xfinity customers recently.
Xfinity, a division of Comcast Cable Communications, revealed that attackers who infiltrated one of its Citrix servers in October also managed to steal sensitive customer information from its systems.
The discovery came on October 25th, about two weeks after Citrix released security updates to fix a critical vulnerability known as Citrix Bleed and tracked as CVE-2023-4966: the telecommunications company found evidence of malicious activity that had taken place on its network between October 16th and October 19th. Cybersecurity firm Mandiant notes that the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
After further investigation, Xfinity found out on November 16th that the attackers had also exfiltrated data belonging to 35,879,455 people from its systems.
“After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords,” the company said. Furthermore, for some customers, other details may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth, and/or secret questions and answers. However, the data analysis is still ongoing.
Users’ passwords reset without any explanation
While Xfinity says it asked users to reset their passwords to protect affected accounts, customers report that they were receiving password reset requests last week with no indication of why.
“To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password if you haven’t been asked to do so already,” the company says in a data breach notice published on its website.
This isn’t the first time Xfinity customers have experienced security issues. A year ago, their accounts were hacked in widespread credential stuffing attacks that managed to bypass two-factor authentication. The compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.
As your friendly IT Services, we strongly recommend that you enable two-factor or multi-factor authentication to safeguard your accounts, especially when sensitive personal information is at stake. Remember, we’re here to help you stay informed and protected in the world of cybersecurity.
So, don’t hesitate to come back and learn more about the latest security threats and how to protect yourself. Stay safe out there!