Comcast, the largest cable operator in the United States, said the personal data of about 35.9 million customers of its Xfinity services may have been illegally accessed by hackers in a security breach in october.
On Monday, Comcast began notifying its customers about the hack. The cable giant revealed in a filing with the Maine Attorney General that the breach affected up to 35,879,455 customers.
In a statement to Variety, a Comcast spokesperson said: “We are not aware of any customer data leaks or attacks against our customers. Additionally, we have asked our customers to reset their passwords and strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and require our cybersecurity team to monitor them 24/7.
According to Comcast’s notice to customers, on October 10, 2023, one of Xfinity’s software vendors, cloud computing provider Citrix, announced a vulnerability in one of its products used by Xfinity (among other companies) . Comcast said it “quickly patched and mitigated our systems” but then discovered that between October 16 and 19, 2023, “there was unauthorized access to certain of our internal systems that we concluded was was the result of this vulnerability.
On December 6, Comcast said it had “concluded that the information included hashed usernames and passwords.” For some Xfinity customers, other information was compromised, including names, contact information, last four digits of Social Security numbers, dates of birth, and/or secret questions and answers. Comcast said “our analysis of the data continues and we will provide additional advice as appropriate.”
The cable operator proactively asks customers to reset their passwords and said it “strongly encourages you to sign up for two- or multi-factor authentication.”
“The next time you sign in to your Xfinity account, you will be prompted to change your password, if you have not already been asked,” the company said in the customer advisory. “While we advise customers not to reuse passwords across multiple accounts, if you use the same information elsewhere, we recommend changing the information on those other accounts as well.”
For the third quarter of 2023, Comcast reported 32.287 million residential and business broadband customers (a decline of 18,000 for the period) and 14.495 million video customers (a sequential loss of 490,000).