Xfinity data breach impacting over 35 million individuals. Here’s what you need to know.

Comcast is notifying over 35 million Xfinity customers about a data breach that exposed personal information, including names, contact details, last four digits of social security numbers, dates of birth, and secret questions and answers for some customers.

 On December 18, 2023, Xfinity disclosed unauthorized access to its systems that occurred between October 16th to October 19th, 2023.

 On October 10, Citrix reported a vulnerability in software used by Xfinity and other businesses. Xfinity promptly patched the issue. However, during a routine cybersecurity check two days later, suspicious activity was detected, confirming unauthorized access to Xfinity's internal network.

 According to cybersecurity firm Mandiant, the Citrix flaw has been actively exploited as a zero-day vulnerability since at least late August 2023.

 Trusted Internet closely monitors these activities, actively tracking ongoing cyber threats and executing necessary remedies to halt potential threats. However, Trusted Internet recommends any Xfinity users immediately take the following actions:

-        Log into Xfinity immediately. Change your password to a unique one, over 15 characters long, with at least one capital letter, one number, and one special character (e.g., “M0nst3rHum1dor1@!”).

-        Enroll in two-factor or multi-factor authentication.

-        Avoid re-using passwords across multiple accounts.

-        Change passwords and security questions where the same username is in use.

Need help? Schedule a no-cost 30-minute consult with one of our Virtual CISOs™; contact your assigned Virtual CISO™ or reach out to our Executive Cyber Support team at staysafeonline@trustedinternet.io for additional call-in assistance. 

References:

hxxps://www.bleepingcomputer.com/news/security/xfinity-discloses-data-breach-affecting-over-35-million-people/

hxxps://www.theverge.com/2023/12/18/24007082/xfinity-data-breach-hack-notice-citrix

hxxps://www.businesswire.com/news/home/20231218979935/en/Notice-To-Customers-of-Data-Security-Incident/

hxxps://www.engadget.com/xfinity-suffered-a-data-breach-but-doesnt-know-quite-how-bad-it-was-100711214.html

hxxps://cordcuttersnews.com/comcast-suffered-a-massive-data-breach-exposing-customers-personal-data/