Comcast revealed that a major data breach at Xfinity may have compromised the accounts of nearly 36 million accounts. A vulnerability in one of its software vendors, Citrix, exposed usernames and hashed passwords, as well as names, contact information, the last four digits of social security numbers, dates of birth and secret questions and answers for some customers.
Xfinity is Comcast’s brand name for its broadband, video and phone services. It has 32 million subscribers, some with multiple user IDs.
In a statement today, Comcast said: “We are notifying customers of a data security incident that exploited a security vulnerability previously reported by Citrix, a software provider used by Xfinity and thousands of other companies around the world. “We patched the vulnerability immediately. and fastened. We are not aware of any customer data leaks or attacks on our customers anywhere. Additionally, we have required our customers to reset their passwords and strongly recommend enabling two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility of protecting our customers very seriously and have our cyber security team monitored 24/7.”
In an earlier statement, the company said Citrix disclosed the vulnerability on October 10 for one of its products used by Xfinity. Citrix released a patch and other guidance, but the media giant then discovered that there had been unauthorized access to its internal systems from October 17 to 19, before the fixes.
The company said it notified federal law enforcement and launched an investigation, which concluded on Dec. 6 that consumer data had been breached. It continues to analyze things and in the meantime asks subscribers to change their passwords.
“We know you trust Xfinity to protect your data, and we cannot stress enough how seriously we take this matter. We remain committed to continuing to invest in technology, protocols and experts committed to protecting your data and protecting you, our customers,” the company said.
Other major companies such as Boeing and Toyota are also affected by the security flaw called Citrix Bleed. Many states require companies to report data breaches, which is how the news first broke.
Source: Deadline
Elizabeth Cabrera is an author and journalist who writes for The Fashion Vibes. With a talent for staying up-to-date on the latest news and trends, Elizabeth is dedicated to delivering informative and engaging articles that keep readers informed on the latest developments.
