Signage for Xfinity, the cable division of Comcast, is displayed in Philadelphia, July 15, 2015. Hackers accessed Xfinity customers’ personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week. In a Monday, Dec. 18, 2023, notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19. (AP Photo/Matt Rourke, File)
Hackers accessed Xfinity customers' personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week.
In a Monday notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19.
Xfinity discovered the “suspicious activity” on Oct. 25, and in the following months determined that information was “likely acquired.” On Dec. 6, the company concluded that information included usernames and hashed passwords — and, for some customers, the last four digits of Social Security numbers, account security questions, birthdates and contact information.
Analysis of the breach is still continuing but to date, Xfinity is “not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” the company said in a statement sent to The Associated Press Tuesday.
Xfinity is also requiring customers to reset their passwords, while strongly recommending two-factor or multifactor authentication.
A filing with Maine's office of the attorney general disclosed that nearly 35.9 million people were affected by this breach. The company declined to confirm a specific number Tuesday, but noted the filing's figure represents user IDs.
Philadelphia-based Comcast has more than 32 million broadband customers, according a recent earnings release.
In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously-announced vulnerability, dubbed “Citrix Bleed,” has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.
Under new rules that went into effect Monday, the Securities Exchange Commission now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines — within four days of determining a breach is material. As of Tuesday, there were no SEC filings from Comcast about the recent data breach and the company did not immediately address it.
AI is reshaping investigations. Longeye CEO Guillaume Delepine shares how their AI workspace empowers law enforcement to uncover insights faster and smarter.
Stephen Kates, Financial Analyst at Bankrate, joins to discuss the Fed’s 25-basis-point rate cut, inflation risks, and what it all means for consumers and marke
Big tech earnings take center stage as investors digest results from Alphabet, Meta, Microsoft, Amazon, and Apple, with insights from Gil Luria of D.A. Davidson
Disney content has gone dark on YouTube TV, leaving subscribers of the Google-owned live streaming platform without access to major networks like ESPN and ABC. That’s because the companies have failed to reach a new licensing deal to keep Disney channels on YouTube TV. Depending on how long it lasts, the dispute could particularly impact coverage of U.S. college football matchups over the weekend — on top of other news and entertainment disruptions that have already arrived. In the meantime, YouTube TV subscribers who want to watch Disney channels could have little choice other than turning to the company’s own platforms, which come with their own price tags.
President Donald Trump said he has decided to lower his combined tariff rates on imports of Chinese goods to 47% after talks with Chinese leader Xi Jinping on curbing fentanyl trafficking.
Universal Music Group and AI platform Udio have settled a copyright lawsuit and will collaborate on a new music creation and streaming platform. The companies announced on Wednesday that they reached a compensatory legal settlement and new licensing agreements. These agreements aim to provide more revenue opportunities for Universal's artists and songwriters. The rise of AI song generation tools like Udio has disrupted the music streaming industry, leading to accusations from record labels. This deal marks the first since Universal and others sued Udio and Suno last year. Financial terms of the settlement weren't disclosed.
