Xfinity was reportedly affected by a data breach, but the company however does not say just how many users were affected by the said incident. The breach according to the company involved names, birth dates, and contact information for some customers and clients.
Xfinity Data Breach
Xfinity is at the moment notifying customers of a “data security incident” it reveals resulted in the theft of customer information, and this is including usernames, passwords, contact information, and many more. In a notice on Monday, the company says “there was unauthorized access” to its systems from October 16th to October 19th, 2023.
Xfinity has traced the said breach to a security vulnerability that was disclosed by cloud computing company Citrix, which started alerting customers of a flaw in software Xfinity as well as other companies use on October 10th. And while Xfinity has stated that it patched the security hole, it however later uncovered suspicious activity on its internal systems “that was concluded to be a result of this vulnerability.”
Content of the Hack
The hack in question resulted in the theft of customer usernames and hashed passwords, as per the notice from Xfinity. Meanwhile, “some customers” may just have had their names, contact information, last four digits of their social security numbers, dates of birth, and/or secret questions and answers reportedly exposed. Xfinity has on their end notified federal law enforcement regarding the said incident and says “Data analysis is continuing.”
The Number of Affected Users by the Data Breach
We still don’t really know just how many users were affected by the reported breach. Xfinity will ask customers to change their passwords automatically the next time they log in to their accounts, and the company is also encouraging users to turn on two-factor authentication.
The Company’s Press Statement in Regard to the Hack
“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” Xfinity spokesperson Joel Shadle in an emailed statement to The Verge says. “We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.”
You can find the full notice, which is inclusive of the contact information for the company’s incident response team, on Xfinity’s website.
MORE RELATED POSTS
