Signage for Xfinity, the cable division of Comcast, is displayed in Philadelphia, July 15, 2015. Hackers accessed Xfinity customers’ personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week. In a Monday, Dec. 18, 2023, notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19. (AP Photo/Matt Rourke, File)
Hackers accessed Xfinity customers' personal information by exploiting a vulnerability in software used by the company, the Comcast-owned telecommunications business announced this week.
In a Monday notice to customers, Xfinity said there was unauthorized access to internal systems as a result of this vulnerability — which was previously announced by software provider Citrix — between Oct. 16 and 19.
Xfinity discovered the “suspicious activity” on Oct. 25, and in the following months determined that information was “likely acquired.” On Dec. 6, the company concluded that information included usernames and hashed passwords — and, for some customers, the last four digits of Social Security numbers, account security questions, birthdates and contact information.
Analysis of the breach is still continuing but to date, Xfinity is “not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” the company said in a statement sent to The Associated Press Tuesday.
Xfinity is also requiring customers to reset their passwords, while strongly recommending two-factor or multifactor authentication.
A filing with Maine's office of the attorney general disclosed that nearly 35.9 million people were affected by this breach. The company declined to confirm a specific number Tuesday, but noted the filing's figure represents user IDs.
Philadelphia-based Comcast has more than 32 million broadband customers, according a recent earnings release.
In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously-announced vulnerability, dubbed “Citrix Bleed,” has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.
Under new rules that went into effect Monday, the Securities Exchange Commission now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines — within four days of determining a breach is material. As of Tuesday, there were no SEC filings from Comcast about the recent data breach and the company did not immediately address it.
Orangetheory Fitness is redefining the future of workouts with smarter tech, strength-based programming, and community-driven studios built for what’s next.
Spain's government has fined Airbnb 64 million euros or $75 million for advertising unlicensed tourist rentals. The consumer rights ministry announced the fine on Monday. The ministry stated that many listings lacked proper license numbers or included incorrect information. The move is part of Spain's ongoing efforts to regulate short-term rental companies amid a housing affordability crisis especially in popular urban areas. The ministry ordered Airbnb in May to remove around 65,000 listings for similar violations. The government's consumer rights minister emphasized the impact on families struggling with housing. Airbnb said it plans to challenge the fine in court.
Roomba maker iRobot has filed for Chapter 11 bankruptcy protection, but says that it doesn’t expect any disruptions to devices as the more than 30-year-old company is taken private under a restructuring process. iRobot said that it is being acquired by Picea through a court-supervised process. Picea is the company's primary contract manufacturer. The Bedford, Massachusetts-based anticipates completing the prepackaged chapter 11 process by February.
Serbia’s prosecutor for organized crime has charged a government minister and three others with abuse of position and falsifying of documents related to a luxury real estate project linked to U.S. President Donald Trump’s son-in-law Jared Kushner. The charges came on Monday. The investigation centers on a controversy over a a bombed-out military complex in central Belgrade that was a protected cultural heritage zone but that is facing redevelopment as a luxury compound by a company linked to Kushner. The $500 million proposal to build a high-rise hotel, offices and shops at the site has met fierce opposition from experts at home and abroad. Selakovic and others allegedly illegally lifted the protection status for the site by falsifying documentation.
