Xfinity data breach affects more than 35 million — what we know

Xfinity customers, be aware. You may have been affected by a major data breach.

Comcast, operating under the brand name Xfinity — and offering a range of services including internet, TV, and phone — has commenced the process of informing customers about a significant data breach impacting tens of millions.

According to a breach notice posted by the government of Maine (first reported by Bleeping Computer), 35,879,455 people have been affected.

What was stolen?

In early October, cloud computing company Citrix announced that it discovered a vulnerability affecting products used globally by companies like Xfinity. By late October, the vulnerability, known as Citrix Bleed, was actively being exploited, according to the cybersecurity firm Mandiant. Around that time, Citrix also released a critical update, patching the security flaw.

Once the update was available, Xfinity said it patched the security flaw. Soon after, however, Xfinity uncovered “unauthorized access” to its internal systems related to the vulnerability and notified federal authorities. Xfinity concluded that data had likely been compromised by mid-November.

Xfinity said it determined earlier this month that the customer information accessed during the breach included usernames and hashed passwords. However, Xfinity added that some customers may also have had their names, contact information, last four digits of their Social Security numbers, dates of birth, and secret questions and answers stolen. The company said it’s still investigating the data breach.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” said an Xfinity spokesperson in a statement provided to media outlets.

All Xfinity customers have had their account passwords reset, so don’t be alarmed when you log into your account for the first time since the data breach was disclosed. Xfinity recommends that customers use two-factor authentication for additional security.

Mashable