Comcast says hackers stole data of close to 36 million Xfinity customers::Hackers exploited a known but unpatched flaw, allowing hackers access to the sensitive information of almost 36 million Comcast customers.

  • crumpted@sopuli.xyz
    link
    fedilink
    English
    arrow-up
    33
    ·
    edit-2
    1 year ago

    Basically this data included customer details on 36 million customers, and Xfinity only has 32 million active customers…

    They’ve already admitted it includes all plaintext customer details (names, address, last 4 SSN, etc.), and their password hashes, but no info on what hashing function was used to make them, or if they were salted.

    This is just what they’ve admitted. Who wants to place bets on whether they also got all the customer data that shouldn’t be legal to collect, but is e.g. browsing habits, traffic analysis, user/household metadata?

    • inspxtr@lemmy.world
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      They don’t seem to allow account deletions. Does it mean that this could include accounts that they still keep but people don’t use their services anymore?

  • Eager Eagle@lemmy.world
    link
    fedilink
    English
    arrow-up
    11
    ·
    1 year ago

    with their website taking inexplicably long (~1min) to load a simple user settings page, I’m considering practicing some pentesting to be able to change my own info.

  • 4grams@awful.systems
    link
    fedilink
    English
    arrow-up
    5
    ·
    1 year ago

    I’m so used to having my personal info leaked. Sony, T-Mobile, Experian, LastPass, Comcast… what an incredible world we live in.

  • AutoTL;DR@lemmings.worldB
    link
    fedilink
    English
    arrow-up
    3
    ·
    1 year ago

    This is the best summary I could come up with:


    Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.

    This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August.

    Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.

    Xfinity, Comcast’s cable television and internet division, became the latest CitrixBleed victim, the company confirmed in a notice to customers on Monday.

    The notice doesn’t say how many Xfinity customers have been impacted, and Comcast spokesperson Joel Shadle declined to say when asked by TechCrunch.

    In a filing with Maine’s attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach.


    The original article contains 446 words, the summary contains 139 words. Saved 69%. I’m a bot and I’m open source!