Comcast Discloses Breach Affecting About 36 Million Accounts
Comcast confirmed a breach exposing the personal information of 36 million U.S. Xfinity account holders.
Comcast has confirmed a security breach affecting 36 million U.S. Xfinity accounts, according to media reports.
Comcast said that hackers exploited a vulnerability in software from third-party provider Citrix, which it uses for remote network access, according to a December 19 Wall Street Journal (WSJ) report.
The breach occurred between October 16 and 19, exposing usernames, hashed passwords, names, contact information, birth dates, the last four digits of users’ Social Security numbers, and secret questions and answers, WSJ said.
The company joins a long list of well-known brands hit by cyber attacks this year, including genetic testing company 23andMe, which earlier this month disclosed a data breach affecting 6.9 million users.
On October 10, the week before Comcast’s breach, Citrix published an advisory on its website about two vulnerabilities in its systems. According to an October 27 report from cybersecurity firm Rapid7, the two vulnerabilities allow “an attacker to read large amounts of memory after the end of a buffer,” that in turn would allow a bad actor to “impersonate another authenticated user.”
Citrix released a software update to fix the vulnerability on October 23. It also noted that it received reports of session hijacking and targeted attacks exploiting the vulnerability.
“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” a Comcast spokesperson told the WSJ in the report. He added that the company is requiring customers to reset their passwords and recommends enabling multi-factor authentication.
How to secure your Xfinity account
If you're an Xfinity customer, you’ll want to follow the company’s guidance and immediately change your password. Experts recommend choosing a secure, easy-to-remember password, such as a nonsensical combination of symbols, numbers and upper- and lower-case letters.
Experts also encourage people to strongly consider enabling multi-factor authentication, just as Comcast has recommended for its customers.
To do this for your Xfinity account, download the company's app, which the company says is available for download on Apple and Android phones. Then follow these steps. You will then be able to approve or deny log-in attempts with a yes/no button push, facial recognition, one-touch fingerprint ID, traditional text message or email codes, or a code generator.
Joey Solitro is a freelance financial journalist at Kiplinger with more than a decade of experience. A longtime equity analyst, Joey has covered a range of industries for media outlets including The Motley Fool, Seeking Alpha, Market Realist, and TipRanks. Joey holds a bachelor's degree in business administration.