Have you ever felt like data breaches are becoming a part of daily life that we just ignore, especially if they don’t directly impact us? That’s not the case for internet service provider Comcast. Comcast was recently hit with an attack that has reportedly put the customer data of 35.9 million Xfinity users at risk. But the most alarming part is Comcast’s indifferent response to the security flaw that led to the breach.
According to a notice sent to the Maine attorney general’s office, hackers were able to access usernames, contact info like real names and addresses, dates of birth, user-selected security questions and answers, and the last four digits of Social Security numbers. Though passwords were cryptographically hashed, they were also taken. There may be more that has been accessed, as the company is still working on investigating what has been taken according to .
How did this happen? Comcast reports that it discovered the initial leak “between October 16 and October 19,” enabled by a critical bug in Citrix network hardware known as Citrix Bleed. Even though a patch for the vulnerability had already been released, Comcast didn’t take action to fix it until October 23rd. This two-week window was all hackers needed to use the vulnerability and penetrate Comcast’s systems.
As upsetting as the data breach is, Comcast is now requiring customers to reset their passwords and enable two-factor authentication. Assuming there is no more extensive data lost, the collection probably doesn’t represent a big risk. Statistically, our personal data has been exposed to malefactors more than once at this point.
Author: Michael Crider, Staff Writer