©Just_Super via Canva.com
Comcast’s Xfinity Faces a Massive Data Breach
December 20, 2023
Comcast’s Xfinity has been hit by a major data breach. The telecom giant recently reported a “data security incident” affecting its users, with unauthorized access to its systems between Oct. 16 and Oct. 19, 2023. The stolen data included customer usernames, encrypted passwords, contact details, fragments of social security numbers, and more.
“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.”
Joel Shadle , Xfinity spokesperson, via The Verge
According to BleepingComputer, the breach notice released in Maine revealed that a staggering 35,879,455 people globally were impacted. That’s over 50,000 people in the state of Maine alone.
The breach was traced back to a security flaw in the cloud company Citrix’s software, which is widely used by Xfinity and various other corporations. Citrix had issued an advisory regarding the vulnerability, now called “Citrix Bleed,” on Oct. 10, urging companies to implement a patch as swiftly as possible. Despite the alert, it seems Xfinity’s measures were a step too late.
Xfinity did apply the recommended patch, but subsequent investigations revealed suspicious activities on its networks. It was deduced that these irregularities were the direct result of the “Citrix Bleed.” It wasn’t until Oct. 18 that security research firm, Mandiant, announced that the vulnerability was under “active exploitation,” alerting the community about the threat.
Stolen data in this breach encompassed usernames and hashed passwords and, for some unfortunate customers, also extended to their names, contact details, the last four digits of their social security numbers, birth dates, and even secret question-answer pairs.
Following these security breach revelations, Xfinity is taking action to protect its customers. The company has reported the matter to federal law enforcement and continuing its analysis of the breached data. When users next log into their accounts, Xfinity will ask them to change their passwords. The company is also promoting the use of two-factor authentication to add an extra layer of security. Details of Xfinity’s announcement can be found on its website.
Recent News
Massive Data Breach Hits Ticketmaster, Affecting 560 Million Customers
Ticketmaster has fallen victim to a significant cyber-attack, potentially compromising the data of up to 560 million customers. The breach was confirmed by Ticketmaster’s parent company, Live Nation, which revealed that a notorious hacking group, ShinyHunters, is behind the attack. The hackers are demanding a ransom of approximately £400,000 to prevent the data from being sold on the dark web.
Toyota Recalls 100,000+ Tundra and Lexus LX SUVs Over Engine Debris Issue
Toyota has announced a recall for over 100,000 Tundra pickups and Lexus LX SUVs in North America due to potential engine issues caused by machining debris. This recall affects certain 2022-2023 models of the Tundra and LX, which are equipped with the new V6 twin-turbo engine. The V6 twin-turbo engine has faced considerable scrutiny regarding its reliability, especially when compared to the previous naturally aspirated V8 engines.
Wordle and Worldle Battle Over Names
A legal dispute has erupted between the wildly popular word game Wordle and the lesser-known geography game Worldle, centering on the similarity of their names. Wordle, which was developed by Josh Wardle in 2021 and later acquired by the New York Times in 2022 for a substantial sum, has gained immense popularity. In this game, players have six attempts to guess a five-letter word.
FDA Issues Recall for Crecelac Goat Milk Infant Formula
The U.S. Food and Drug Administration (FDA) has issued a safety alert regarding Crecelac Goat Milk Infant Formula and other infant formula products imported and distributed by Dairy Manufacturers Inc. The alert highlights Cronobacter contamination concerns with Crecelac Infant Powdered Goat Milk Infant Formula. Although Dairy Manufacturers Inc. initiated a recall on May 24, 2024, due to non-compliance with FDA regulations, new findings of Cronobacter contamination have prompted further action.