Connect with us

Security

Comcast hit by huge data breach: everything you need to know

Comcast is the latest company to disclose a serious data breach that could involve the theft of customers’ personal information.

Comcast logo with lock
Image: KnowTechie

If you subscribe to Comcast’s Xfinity TV or Xfinity Internet services, now might be a good time to change your password.

This week, the company issued a press release affirming it was the victim of a data breach after one of its software vendors discovered a security bug that was being actively exploited by hackers.

The press release was issued when Comcast started notifying Maine regulators about the cybersecurity incident involving customer data theft, as required by state law.

Comcast is expected to distribute similar notices in states with near-identical laws on the books and where it operates its Xfinity services.

Here is a look at what exactly happened, what Comcast is doing about the situation, and what steps you need to take to protect yourself.

Xfinity home app  on smartphone
Image: Comcast

What happened?

The situation began unfolding in early October at a software company called Citrix, which provides tech-related services to thousands of enterprise customers like Comcast. 

Specifically, Citrix discovered that one of its products, Citrix NetScaler, had a serious security bug that allowed hackers to grab authentication tokens from onboard memory devices using the software.

Imagine an “authentication token” as a single string of random letters and numbers that ultimately reveal a username and password — it’s a bit more complicated than that, but keep that analogy in mind.

Once a hacker obtained the authentication token, they essentially had access to a company’s NetScaler platform.

To make matters even worse, the same exploit was also found to affect Citrix Gateway, a similar service that allows companies to remotely — and, supposedly, securely — access parts of their technical infrastructure.

Citrix published a security bulletin on October 10, notifying clients like Comcast about the situation.

However, researchers believe the exploit was actively being used by hackers as soon as August, giving them plenty of time to target government users and corporations that rely on the two Citrix products.

Video: WNEP / YouTube

How does Comcast fit into all of this?

Comcast didn’t say which Citrix products it uses, but given that the company offers residential and enterprise broadband Internet services, it’s fair to assume Comcast probably uses both NetScaler and Gateway as part of its business. 

In a press release issued on Monday, Comcast said it received guidance from Citrix on two occasions — October 10 and October 23 — with information about how to fix the security problem.

On October 25, Comcast said it was performing a “routine cybersecurity exercise,” and that is when it discovered that hackers likely gained access to its internal systems between October 16 and October 19.

“Xfinity notified federal law enforcement and initiated an investigation into the nature and scope of the incident,” a Comcast spokesperson said in a statement. 

What kind of information was supposedly taken?

It took Comcast nearly three weeks to conclude that “information was likely acquired,” which may include the personal information of some of its Xfinity TV, Xfinity Internet, and Xfinity Mobile subscribers.

That information could include:

  • A customer’s name
  • A customer’s address and other contact information
  • The last four digits of a customer’s Social Security number
  • A customer’s date of birth
  • Usernames and “hashed,” or encrypted, passwords
  • The answers to a customer’s “secret” login question(s)

Comcast said the findings are not conclusive, and its “data analysis is continuing.” But, since the company apparently has information that leads it to believe customer information was “likely acquired,” it began notifying state government officials and customers accordingly.

It isn’t clear why Comcast waited nearly a full month to notify customers after reaching the conclusion that the personal data of Xfinity subscribers may have been compromised.

A Comcast spokesperson has not yet returned an email seeking more information on that point.

What should Comcast customers do?

Purekeep password manager illustration on a purple background
Image: KnowTechie

Change your Comcast Xfinity password

Comcast said it is proactively requiring some customers to reset their passwords when they try to log on to the Xfinity website and related apps.

If a customer gets this prompt, it doesn’t necessarily mean their account information was compromised, only that it could have been.

if you’re a Comcast customer, it’s probably a good idea to change the password on the Xfinity website and any other account where that password may have been reused. 

Stop reusing the same password

Since most of us live in the real world where no one actually does that, signing up for a password manager like Bitwarden or NordPass is a good idea.

READ MORE: The best free password managers

Password managers offer a safe (for the most part) way to manage different passwords from a single secure service.

Some — like NordPass and 1Password — will even warn you if you’re using an insecure password or reusing a password across different services.

Editor's Pick
Nordpass NordPass
4.5
Starts at $1.29
What We Like:
  • Zero-Knowledge Architecture: Ensures that your passwords and data are encrypted on your device before reaching their servers for ultimate privacy.
  • User-Friendly Interface: Designed for ease of use, allowing quick access to stored passwords and personal information with minimal effort.
  • Secure Password Sharing: Makes sharing passwords with family or colleagues safe and hassle-free, enhancing collaborative security practices.
  • Data Breach Scanner: Regularly checks to see if your personal information has been exposed in a breach, offering proactive security measures.
KnowTechie is supported by its audience, so if you buy something through our links, we may get a small share of the sale.

Turn on “Two-factor authentication” wherever it is offered.

Two-factor authentication (2FA) is an extra layer of security that, coupled with a hard-to-guess password, makes it extremely difficult for hackers to gain access to your online accounts.

Two-factor authentication (2FA) is an extra layer of security that, coupled with a hard-to-guess password, makes it extremely difficult for hackers to gain access to your online accounts.

In most cases, Two-Factor Authentication involves sending a six-digit code to your phone, usually by text message (though, in some cases, you can also opt for a phone call).

Google two factor feature on iphone
Image: KnowTechie

There are also apps that will generate Two-Factor Authentication codes for e-mail services, social media accounts, and others.

Two-factor Authentication should always be turned on for services where hackers:

  1. Could steal your money (think bank accounts or services where you pay for things online, like Amazon, your home Internet provider, etc.).
  2. Could steal your personal data, like billing information, irreplaceable photos, or email messages.

Xfinity customers looking to add two-factor authentication to their accounts can follow along with this guide via the Xfinity website.

Keep an eye on your credit report and score.

While Comcast says it isn’t aware of anyone actively using the personal information of Xfinity subscribers, some data like names, addresses, birthdates, and Social Security numbers can be used by hackers to open loans, credit lines, and bank accounts.

Most banks, credit unions, and credit card companies offer a limited amount of credit monitoring and alerts to customers for free; if they don’t, Experian offers free basic credit monitoring.

Wrapping this all up

Comcast’s recent acknowledgment of a data breach serves as a critical reminder of the digital vulnerabilities that exist even within large corporations.

With all that said, act now: change your Xfinity password, stop reusing passwords, and turn on two-factor authentication. Stay vigilant to protect your personal info from cyber threats.

Have any thoughts on this? Drop us a line below in the comments, or carry the discussion to our Twitter or Facebook.

Editors’ Recommendations:

Just a heads up, if you buy something through our links, we may get a small share of the sale. It’s one of the ways we keep the lights on here. Click here for more.

Follow us on Flipboard, Google News, or Apple News

Matthew Keys is an award-winning freelance journalist who covers the intersection of media, technology and journalism. He is the publisher of TheDesk.net and a contributor to KnowTechie, StreamTV Insider (formerly Fierce Video) and Digital Content Next. Matthew is based in Northern California.

Click to comment

Leave a Reply

Your email address will not be published. Required fields are marked *

More in Security