Xfinity notifies customers of data breach linked to software vulnerability

NEW YORK — Hackers accessed Xfinity customers’ personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week.

In a Monday notice to customers, Xfinity said there was unauthorized access to internal systems due to this vulnerability – which was previously announced by software provider Citrix – between Oct. 16 and 19.

Xfinity discovered the “suspicious activity” on Oct. 25, and in the following months determined that information was “likely acquired.” On Dec. 6, the company concluded that the information included usernames and hashed passwords – and, for some customers, the last four digits of Social Security numbers, account security questions, birthdates and contact information.



Analysis of the breach is still continuing, but so far Xfinity is “not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” the company said in a statement sent to The Associated Press Tuesday.

Xfinity is also requiring customers to reset their passwords, while strongly recommending two-factor or multifactor authentication.

A filing with Maine’s office of the attorney general disclosed that nearly 35.9 million people were affected by this breach. The company declined to confirm a specific number Tuesday, but noted the filing’s figure represents user IDs.

Philadelphia-based Comcast has more than 32 million broadband customers, according to a recent earnings release.

In addition to Xfinity, Citrix provides software to hundreds of companies around the world. The previously announced vulnerability, dubbed “Citrix Bleed,” has also been linked to hacks targeting the Industrial and Commercial Bank of China’s New York arm and a Boeing subsidiary, among others.

Under new rules that went into effect Monday, the Securities and Exchange Commission now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines – within four days of determining a breach is material. As of Tuesday, there were no SEC filings from Comcast about the recent data breach, and the company did not immediately address it.

Copyright © 2023 The Washington Times, LLC.