Kiplinger
Joey Solitro

Comcast Discloses Breach Affecting About 36 Million Accounts


Comcast has confirmed a security breach affecting 36 million U.S. Xfinity accounts, according to media reports.

Comcast said that hackers exploited a vulnerability in software from third-party provider Citrix, which it uses for remote network access, according to a December 19 Wall Street Journal (WSJ) report.

The breach occurred between October 16 and 19, exposing usernames, hashed passwords, names, contact information, birth dates, the last four digits of users’ Social Security numbers, and secret questions and answers, WSJ said.

The company joins a long list of well-known brands hit by cyber attacks this year, including genetic testing company 23andMe, which earlier this month disclosed a data breach affecting 6.9 million users.

On October 10, the week before Comcast’s breach, Citrix published an advisory on its website about two vulnerabilities in its systems. According to an October 27 report from cybersecurity firm Rapid7, the two vulnerabilities allow “an attacker to read large amounts of memory after the end of a buffer,” that in turn would allow a bad actor to “impersonate another authenticated user.” 

Citrix released a software update to fix the vulnerability on October 23. It also noted that it received reports of session hijacking and targeted attacks exploiting the vulnerability.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” a Comcast spokesperson told the WSJ in the report. He added that the company is requiring customers to reset their passwords and recommends enabling multi-factor authentication.

How to secure your Xfinity account

If you're an Xfinity customer, you’ll want to follow the company’s guidance and immediately change your password. Experts recommend choosing a secure, easy-to-remember password, such as a nonsensical combination of symbols, numbers and upper- and lower-case letters.

Experts also encourage people to strongly consider enabling multi-factor authentication, just as Comcast has recommended for its customers.

To do this for your Xfinity account, download the company's app, which the company says is available for download on Apple and Android phones. Then follow these steps. You will then be able to approve or deny log-in attempts with a yes/no button push, facial recognition, one-touch fingerprint ID, traditional text message or email codes, or a code generator.
