Comcast says hackers stole data of close to 36 million Xfinity customers TechCrunch

pComcast has confirmed that hackers exploiting a criticalrated security vulnerability accessed the sensitive information of almost 36 million Xfinity customersppThis vulnerability known as CitrixBleed is found in Citrix networking devices often used by big corporations and has been under massexploitation by hackers since late August Citrix made patches available in early October but many organizations did not patch in time Hackers have used the CitrixBleed vulnerability to hack into bigname victims including aerospace giant Boeing the Industrial and Commercial Bank of China and international law firm Allen OveryppXfinity Comcasts cable television and internet division became the latest CitrixBleed victim the company confirmed in a notice to customers on MondayppThe US telecom giant said that hackers exploiting the CitrixBleed vulnerability had access to its internal systems between October 16 and October 19 but that the company did not detect the malicious activity until October 25ppBy November 16 Xfinity determined that information was likely acquired by the hackers and in December the company concluded that this included customer data including usernames and hashed passwords which are scrambled and stored in a way that makes them unreadable to humans Its not immediately clear how the passwords were scrambled or using which algorithm as some weaker hashing algorithms can be crackedppThe company says for an unspecified number of customers hackers may have also accessed names contact information dates of birth the last four digits of Social Security numbers and their secret questions and answersppComcast notes that our data analysis is continuing and we will provide additional notices as appropriate suggesting additional types of data may also have been accessedppThe notice doesnt say how many Xfinity customers have been impacted and Comcast spokesperson Joel Shadle declined to say when asked by TechCrunch In a filing with Maines attorney general Comcast confirmed that almost 358 million customers are affected by the breach Comcasts latest earnings report shows the company has more than 32 million broadband customers suggesting this breach has impacted most if not all Xfinity customersppIts not yet known whether Xfinity received a ransom demand how the incident has impacted the companys operators or whether the incident has been filed with the US Securities and Exchange Commission as required by the regulators new data breach reporting rules Comcasts spokesperson would not sayppWe are not aware of any customer data being leaked anywhere nor of any attacks on our customers said Shadle in an email to TechCrunchppXfinity says it is requiring that customers reset their passwords and recommends the use of twofactor or multifactor authentication which the company doesnt require by default for all customer accountsppUpdated with additional comment from ComcastppRead more on TechCrunchppTech gifts you shouldnt buy your family and friends for the holidaysppp