this post was submitted on 19 Dec 2023

85 points (97.8% liked)

Privacy

31253 readers

672 users here now

A place to discuss privacy and freedom in the digital world.

Privacy has become a very important issue in modern society, with companies and governments constantly abusing their power, more and more people are waking up to the importance of digital privacy.

In this community everyone is welcome to post links and discuss topics related to privacy.

Some Rules

Posting a link to a website containing tracking isn't great, if contents of the website are behind a paywall maybe copy them into the post
Don't promote proprietary software
Try to keep things on topic
If you have a question, please try searching for previous discussions, maybe it has already been answered
Reposts are fine, but should have at least a couple of weeks in between so that the post can reach a new audience
Be nice :)

Related communities

Chat rooms

[Matrix/Element]Dead
Discord

much thanks to @gary_host_laptop for the logo design :)

founded 4 years ago

MODERATORS

[email protected]

Comcast says hackers stole data of close to 36 million Xfinity customers (techcrunch.com)

submitted 9 months ago by [email protected] to c/[email protected]

14 comments fedilink hide all child comments

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.

This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August. Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.

Comcast's statement

Notice To Customers of Data Security Incident
December 18, 2023 04:30 PM Eastern Standard Time

PHILADELPHIA--(BUSINESS WIRE)--Xfinity is providing notice of a recent data security incident. Starting today, customers are being notified through a variety of channels, including through the Xfinity website, email, and news media.

On October 10, 2023, Citrix announced a vulnerability in software used by Xfinity and thousands of other companies worldwide. Citrix issued additional mitigation guidance on October 23, 2023. Xfinity promptly patched and mitigated the Citrix vulnerability within its systems. However, during a routine cybersecurity exercise on October 25, Xfinity discovered suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability.

Xfinity notified federal law enforcement and initiated an investigation into the nature and scope of the incident. On November 16, Xfinity determined that information was likely acquired. After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing.

Xfinity has required customers to reset their passwords to protect affected accounts. In addition, Xfinity strongly recommends that customers enable two-factor or multi-factor authentication to secure their Xfinity account, as many Xfinity customers already do. While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question.

Customers with questions can contact Xfinity’s dedicated call center at 888-799-2560 toll-free 24 hours a day, seven days a week. More information is available on the Xfinity website at www.xfinity.com/dataincident.

Customers trust Xfinity to protect their information, and the company takes this responsibility seriously. Xfinity remains committed to continued investment in technology, protocols and experts dedicated to helping to protect its customers.

top 14 comments

sorted by: hot top controversial new old

[–] [email protected] 31 points 9 months ago (2 children)

This is infuriating, at this point I get several notifications a year about someone hacking my data. But every time I dont have a choice but to keep give data to the same companies . fucking hell

[–] [email protected] 22 points 9 months ago (1 children)

Its a hell of a thing reading this and finding out this way. They knew in October. They knew more in November. They finally say something in December, but I have yet to receive any communication from them acknowledging the breach. Thanks Comcast. You somehow suck and blow at the same time.

[–] [email protected] 5 points 9 months ago

the wait to disclose was probably on purpose. it will get a lot less media attention this time of year vs october.

[–] [email protected] 8 points 9 months ago (1 children)

Save your receipts for the inevitable class action… tumbleweed.gif

[–] [email protected] 7 points 9 months ago (2 children)

Oh boy, a check for $4.08!

[–] [email protected] 3 points 9 months ago (1 children)

yeah - the only people that actually get money from these are lawyers.

[–] [email protected] 2 points 9 months ago

If only there was a way a simple number they could increase to punish the company while also making victims whole.

[–] [email protected] 2 points 9 months ago

If it makes you feel better, the agency representing the class action will be paid handsomley

[–] [email protected] 16 points 9 months ago (1 children)

I love that all of my data is "open source" due to all of the security breaches

[–] [email protected] 15 points 9 months ago (1 children)

You can use google to find your social security number if you ever forget.

[–] [email protected] 5 points 9 months ago

We really are living in the future.

[–] [email protected] 12 points 9 months ago

I was trying to check how many customers Comcast has and, from what I saw, 36 million is just about all of them.

[–] [email protected] 4 points 9 months ago

Damn, companies were using Citrix because remote desktop companies were iffy and AWS/screenshare companies like zoom and TeamViewer weren't "enterprise-y" enough.

What a blow.

[–] [email protected] 3 points 9 months ago

This is the best summary I could come up with:

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.

This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August.

Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.

Xfinity, Comcast’s cable television and internet division, became the latest CitrixBleed victim, the company confirmed in a notice to customers on Monday.

The notice doesn’t say how many Xfinity customers have been impacted, and Comcast spokesperson Joel Shadle declined to say when asked by TechCrunch.

In a filing with Maine’s attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach.

The original article contains 446 words, the summary contains 139 words. Saved 69%. I'm a bot and I'm open source!