says a knowledge breach possible led to attackers acquiring clients’ usernames and hashed passwords. Different private data might have been uncovered, akin to names, contact data, the final 4 digits of social safety numbers, dates of delivery and secret questions and solutions. The corporate that its evaluation of the assault is ongoing, which can clarify why it hasn’t disclosed the variety of clients who’ve been affected. Xfinity additionally notes that it knowledgeable regulation enforcement in regards to the incident.
On October 10, Citrix in software program that Xfinity and plenty of different companies use. It offered steering on the best way to mitigate the vulnerability on October 23 and Xfinity mentioned it swiftly patched the issue. Nonetheless, whereas finishing up a routine cybersecurity test two days later, Xfinity noticed suspicious exercise in its programs. It later decided that unhealthy actors accessed its inner community between October 16 and 19.
Xfinity says it is informing clients of the incident by way of its web site, electronic mail and by different means. It is urging them to alter their passwords, to ensure they do not use the identical passwords on completely different accounts and to allow two-factor or multi-factor authentication. Xfinity additionally urged that people who use the identical login credentials on different accounts change their passwords on these.
This is not the primary safety incident Xfinity has needed to take care of. Again in 2018, it there was a bug in a Comcast web site used to activate Xfinity routers. The difficulty led to some clients’ dwelling addresses being uncovered, together with the identify and password for his or her Wi-Fi networks.