Xfinity hack affects nearly 36 million customers. Here’s what to know.

A security breach at Comcast-owned Xfinity has exposed the personal data of nearly all the internet provider’s customers, including account usernames, passwords and answers to their security questions. 

Comcast said in a filing with Maine’s attorney general’s office that the hack affected 35.8 million people. The media and technology giant is notifying customers of the attack through its website and by email, the company said Monday. The intrusion stems from a vulnerability in software from cloud computing company Citrix, which Xfinity and many other companies use, according to Comcast.

Although Citrix patched the vulnerability in October, Xfinity learned that unauthorized users gained access to its internal systems sometime between October 16 and October 19, revealing customer data. For some people, that included their names, contact information, account usernames and passwords, birthdates, parts of their Social Security numbers and answers to their security questions. 

What should I do if I’m an Xfinity customer?

All Xfinity customers — even those whose accounts might not have been breached — must reset their usernames and passwords, according to Comcast. Xfinity is also encouraging subscribers to use two-factor authentication to secure their accounts. 

“While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question,” Comcast noted.

Comcast has more than 32 million broadband customers, according to its most recent earnings report, suggesting that the breach likely affected all Xfinity customers. 

Customers with questions can contact Xfinity toll-free at (888) 799-2560 24 hours a day Monday through Friday from 9 a.m. to 9 p.m. Eastern time. More information is available on Xfinity’s website at www.xfinity.com/dataincident.
