(LibertySociety.com) – According to Comcast, millions of Xfinity customers had their personal information compromised when hackers took advantage of a security hole.
Since August, hackers have exploited a security vulnerability called “CitrixBleed” in Citrix software, which large organizations often employ. Although Citrix released updates in early October, many companies failed to apply them in time. High-profile companies victimized by unscrupulous hackers include the global law firm Allen & Overy, the Industrial and Commercial Bank of China, and aerospace giant Boeing.
The U.S. telecom giant says it didn’t discover the “malicious behavior” until October 25; hackers had used the CitrixBleed vulnerability to access internal systems from October 16 to October 19.
The Xfinity team had established by November 16 that the hackers had “likely gotten” information, and by December it had also discovered that this data contained sensitive customer information, such as usernames and “hashed” passwords (passwords that are stored in a scrambled form that renders them unreadable to humans). The method used to scramble the passwords is currently unclear; weaker hashing algorithms may be broken.
In a message to consumers on Monday, Comcast revealed that Xfinity, its cable television and internet subsidiary, became the latest victim of CitrixBleed.
According to the company, hackers may have obtained sensitive information, including names, dates of birth, contact details, secret questions and answers, and the last four digits of Social Security numbers, for an undetermined number of customers.
Comcast admitted in a filing with the attorney general of Maine that the hack affects almost 35.8 million subscribers. Comcast’s most recent financial report shows the business has over 32 million broadband subscribers. This indicates that the majority, if not all, of Xfinity customers have been affected by this hack.
The fate of Xfinity, the effects on the company’s operators, and whether or not the event has been reported to the U.S. Securities and Exchange Commission per updated data breach regulations are unknown.
Xfinity has announced that it will require password changes and strongly urges all users to enable two-factor or multi-factor authentication on their accounts, although the firm does not mandate it by default.
According to the company, it is still meticulously cataloging everything that was stolen.