Xfinity suffered a data breach but doesn't know quite how bad it was

Xfinity says a data breach likely led to attackers obtaining customers' usernames and hashed passwords. Other personal information may have been exposed, such as names, contact information, the last four digits of social security numbers, dates of birth and secret questions and answers. The company added that its analysis of the attack is ongoing, which may explain why it hasn't disclosed the number of customers who have been affected. Xfinity also notes that it informed law enforcement about the incident.

On October 10, Citrix disclosed a vulnerability in software that Xfinity and many other businesses use. It provided guidance on how to mitigate the vulnerability on October 23 and Xfinity said it swiftly patched the problem. However, while carrying out a routine cybersecurity check two days later, Xfinity spotted suspicious activity in its systems. It later determined that bad actors accessed its internal network between October 16 and 19.

Xfinity says it's informing customers of the incident via its website, email and by other means. It's urging them to change their passwords, to make sure they don't use the same passwords on different accounts and to enable two-factor or multi-factor authentication. Xfinity also suggested that folks who use the same login credentials on other accounts change their passwords on those.

This isn't the first security incident Xfinity has had to deal with. Back in 2018, it emerged there was a bug in a Comcast website used to activate Xfinity routers. The issue led to some customers' home addresses being exposed, along with the name and password for their Wi-Fi networks.

This article originally appeared on Engadget at https://www.engadget.com/xfinity-suffered-a-data-breach-but-doesnt-know-quite-how-bad-it-was-100711214.html?src=rss https://www.engadget.com/xfinity-suffered-a-data-breach-but-doesnt-know-quite-how-bad-it-was-100711214.html?src=rss