Xfinity is notifying clients of a “knowledge safety incident” it says resulted within the theft of buyer data, together with usernames, passwords, contact data, and extra. In a notice on Monday, Xfinity says “there was unauthorized entry” to its methods from October sixteenth to October nineteenth, 2023.
Xfinity traces the breach to a safety vulnerability disclosed by cloud computing firm Citrix, which started alerting clients of a flaw in software program Xfinity and different corporations use on October tenth. Whereas Xfinity says it patched the safety gap, it later uncovered suspicious exercise on its inner methods “that was concluded to be a results of this vulnerability.”
The hack resulted within the theft of buyer usernames and hashed passwords, according to Xfinity’s notice. In the meantime, “some clients” might have had their names, contact data, final 4 digits of their social safety numbers, dates of start, and / or secret questions and solutions uncovered. Xfinity has notified federal regulation enforcement concerning the incident and says “knowledge evaluation is continuous.”
We nonetheless don’t know what number of customers had been affected by the breach, and Xfinity didn’t instantly reply to The Verge’s request for remark. Xfinity will mechanically ask clients to vary their passwords the following time they log in to their accounts, and it’s additionally encouraging customers to activate two-factor authentication.
You could find the total discover, together with contact data for the corporate’s incident response workforce, on Xfinity’s website.