Xfinity hack affects nearly 36 million customers. Here’s what you need to know.


A security breach at Comcast-owned Xfinity has exposed the personal data of nearly all of the ISP’s customers, including account usernames, passwords and answers to their security questions.

Comcast said in a filing with the Maine attorney general’s office that the hack affected 35.8 million people. The media and technology giant is notifying customers of the attack via its website and via email, the company said Monday. The intrusion stems from a vulnerability in software from cloud computing company Citrix, according to Comcast.

Although Citrix fixed the vulnerability in October, Xfinity learned that unauthorized users accessed its internal systems between October 16 and October 19, exposing customer data. For some people, this included their names, contact information, account usernames and passwords, dates of birth, parts of their social security numbers and answers to their security questions.

In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously announced vulnerability, called “Citrix Bleed”, has also been linked to hacks targeting Industrial and Commercial Bank of China’s New York arm and a Boeing subsidiary, among others.

Under new federal rules that took effect Monday, the Securities and Exchange Commission requires public companies to disclose any cybersecurity breaches that could affect their financial results within four days of determining that a breach is material.

What should I do if I am an Xfinity customer?

All Xfinity customers — even those whose accounts may not have been breached — must reset their usernames and passwords, according to Comcast. Xfinity also encourages subscribers to use two-factor authentication to secure their accounts.

“While Xfinity advises customers not to reuse passwords across multiple accounts, the company recommends that customers change passwords for other accounts for which they use the same username and password or security question,” Comcast noted.

Comcast has more than 32 million broadband customers, according to its latest earnings report, suggesting that the breach likely affected all Xfinity customers.

Some Xfinity users continued to express frustration Wednesday in the wake of the cyber attack. One poster on social media, contacting the company's customer service team, said: “I logged in, changed password. I’m trying to log out by tapping my profile icon. It says log in, but the web page shows my account information even though it says I’m logged out. You have more problems than just password leaks.”

Customers with questions can contact Xfinity toll free at (888) 799-2560 24 hours a day Monday through Friday from 9:00 AM to 9:00 PM Eastern Time. More information is available on the Xfinity website at xfinity.com/dataincident.

— The Associated Press contributed to this report.



