Comcast Xfinity Discloses Data Breach Affecting Over 35 Million People

Sergiu Gatlan, Bleeping Computer:

Cybersecurity company Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.

Following an investigation into the impact of the incident, Xfinity discovered on November 16 that the attackers also exfiltrated data from its systems, with the data breach affecting 35,879,455 people.

“After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords,” the company said. “[F]or some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing.”

Not sure what that last sentence means other than “Hold onto your butts, it might be even worse than we know so far.”

Wednesday, 20 December 2023