Tuesday, December 19, 2023

Comcast confirms massive breach impacting nearly 36m customers

Comcast confirmed a data security breaching involving nearly 36 million of its Xfinity broadband customers across the U.S.

Comcast blamed the cyber intrusion on a zero-day vulnerability in Citrix software. Comcast claims to have patched the software promptly after Citrix issued in mitigation

guidance on October 23, 2023, however, it discovered unauthorized access to its systems between October 16 and October 19, 2023.

It is believed that compromised data included usernames, hashed passwords, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers.

Comcast's statement is posted here:

https://assets.xfinity.com/assets/dotcom/learn/Notice%20To%20Customers%20of%20Data%20Security%20Incident.pdf