Comcast Xfinity Discloses Data Breach Affecting Over 35 Million People
Sergiu Gatlan, Bleeping Computer:
Cybersecurity company Mandiant says the Citrix flaw had been
actively exploited as a zero-day since at least late
August 2023.
Following an investigation into the impact of the incident,
Xfinity discovered on November 16 that the attackers also
exfiltrated data from its systems, with the data breach affecting
35,879,455 people.
“After additional review of the affected systems and data, Xfinity
concluded on December 6, 2023, that the customer information in
scope included usernames and hashed passwords,” the company
said. “[F]or some customers, other information may also
have been included, such as names, contact information, last four
digits of social security numbers, dates of birth and/or secret
questions and answers. However, the data analysis is continuing.”
Not sure what that last sentence means other than “Hold onto your butts, it might be even worse than we know so far.”
★
Sergiu Gatlan, Bleeping Computer:
Cybersecurity company Mandiant says the Citrix flaw had been
actively exploited as a zero-day since at least late
August 2023.
Following an investigation into the impact of the incident,
Xfinity discovered on November 16 that the attackers also
exfiltrated data from its systems, with the data breach affecting
35,879,455 people.
“After additional review of the affected systems and data, Xfinity
concluded on December 6, 2023, that the customer information in
scope included usernames and hashed passwords,” the company
said. “[F]or some customers, other information may also
have been included, such as names, contact information, last four
digits of social security numbers, dates of birth and/or secret
questions and answers. However, the data analysis is continuing.”
Not sure what that last sentence means other than “Hold onto your butts, it might be even worse than we know so far.”