Xfinity, a widely used internet and cable service provider, has reported a data security incident that may have compromised the personal information of its users.
The compromised data included usernames and hashed passwords. Hashing is a one-way way of scrambling password data so that the stored value can't be read as the original password. Unlike encryption, there is no key that turns a hash back into the password; attackers instead guess candidate passwords, hash each guess, and look for a match. Most hashing methods can be defeated this way if the hackers have enough time, resources, and hashed data to work on. The sophistication of the hash used will also affect how long that takes.
For some users, additional information such as names, contact details, last four digits of social security numbers, dates of birth, and secret questions and answers might have been exposed. Ongoing data analysis may reveal more details, and affected users have been advised to reset their passwords.
- October 10th, 2023: Vulnerability Announcement
Citrix, a software provider for Xfinity, announces a vulnerability in its product used by Xfinity and other global companies.
- October 16th-19th, 2023: Unauthorized Access
Despite mitigation efforts, unauthorized access to Xfinity’s internal systems occurred during this period.
- October 23rd, 2023: Patch Release
Citrix releases a patch to fix the identified vulnerability and issues additional mitigation guidance.
- November 16th, 2023: Determination of Data Breach
Xfinity discovered that the unauthorized access between October 16th and October 19th likely resulted in the acquisition of information. Federal law enforcement was notified, and an investigation was initiated.
- December 6th, 2023: Identification of Compromised Information
Xfinity concluded that the compromised data included usernames and hashed passwords. Additional information for some users may include names, contact details, last four digits of social security numbers, dates of birth, and secret questions and answers.
- December 30th, 2023: Press Release
Xfinity notified the media of the incident via an email press release.
What Xfinity Is Doing
Xfinity has taken proactive measures to protect user accounts, urging users to reset their passwords. Additionally, the company recommends enrollment in two-factor or multi-factor authentication for enhanced security.
What You Can Do
Users are strongly encouraged to enroll in additional security measures such as two-factor authentication. Xfinity advises against password reuse and recommends changing information on other accounts if similar credentials were used. Further information on safeguarding personal information is available on the Xfinity website.
Xfinity advises customers to remain vigilant against fraud and identity theft by reviewing account statements and monitoring credit reports. Free credit reports can be obtained annually, and users are encouraged to place fraud alerts or security freezes on their credit files. The Federal Trade Commission and law enforcement should be informed of any suspected identity theft.
More Information & Support
For additional queries, affected users can contact IDX, Xfinity’s incident response provider, at 888-799-2560, which is available 24/7. Further details and updates are accessible on the Xfinity website at Xfinity.com/dataincident.
Available in the Deer Park area, TRECpro provides cyber security services, including password manager apps, remote support, and consulting. You can contact them at [email protected] or call 509-818-1112. TRECpro recently offered an article about password managers available at: DPGazette.com/nvp1o
The Xfinity data security incident serves as a reminder of the evolving threats in the digital landscape. The community must stay informed and take proactive measures to protect personal information in the wake of such incidents. As technology advances, the collective responsibility to ensure cybersecurity becomes increasingly crucial.