Comcast, the largest cable operator in the U.S., said personal data for approximately 35.9 million customers of its Xfinity services may have been illegally accessed by hackers in a security breach that occurred in October.
On Monday, Comcast began notifying customers of the hack. The cable giant disclosed in a filing with the Maine attorney general that the breach affected as many as 35,879,455 customers.
In a statement to PvNew, a Comcast spokesperson said, “We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers. In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multifactor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.”
According to Comcast’s notice to customers, on Oct. 10, 2023, one of Xfinity’s software providers, cloud-computing provider Citrix, announced a vulnerability in one of its products used by Xfinity (among other companies). Comcast said it “promptly patched and mitigated our systems” but subsequently discovered that between Oct. 16 and 19, 2023, there “was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability.”
On Dec. 6, Comcast said, it “concluded that the information included usernames and hashed passwords.” For some Xfinity customers, other information was compromised, including names, contact information, the last four digits of Social Security numbers, dates of birth and/or secret questions and answers. Comcast said “our data analysis is continuing, and we will provide additional notices as appropriate.”
The cable operator is proactively asking customers to reset their passwords and said it “strongly encourage[s] you to enroll in two-factor or multifactor authentication.”
“The next time you login to your Xfinity account, you will be prompted to change your password, if you haven’t been asked to do so already,” the company said in the customer notice. “While we advise customers not to re-use passwords across multiple accounts, if you do use the same information elsewhere, we recommend that you change the information on those other accounts, as well.”
For the third quarter of 2023, Comcast reported 32.287 million residential and business broadband customers (a decline of 18,000 for the period) and 14.495 million video customers (a sequential loss of 490,000).