Today, Comcast notified customers of a massive data breach that exposed customers’ personal data. This data breach likey included customers’ hashed passwords, contact details, and the last four digits of social security numbers along with the birthdates of some customers, Comcast said in a letter to customers.
“On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide. At the time Citrix made this announcement, it released a patch to fix the vulnerability. Citrix issued additional mitigation guidance on October 23, 2023. We promptly patched and mitigated our systems.” Comcast said in a statement to customers. ” However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability. We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.”
It is suggested that Comcast customers change their passwords and use two-factor authentication. Doing so will help protect your account. You should also change any passwords on other services that use the same email and password. It is unknown exactly how many customers may have had their data exposed, but thousands of customers’ data are at risk.
Update: Comcast sent Cord Cutters News this statement on the breach. “We are providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers. In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.”
Comcast detected the data breach on October 25, 2023, but is only now notifying customers.
Cord Cutters News is reaching out to Comcast for comment and will update our story as we learn more.