SIGforum.com    Main Page  Hop To Forum Categories  The Lounge    xfinity data breach
xfinity data breach
Member
konata88
posted
Heads-up. Sounds like xfinity suffered a data breach which includes username, hashed password, challenge questions/responses, last four of SSN, DOB, other contact info.

Event occurred in Oct but are only now reporting the incident publicly.

People need to be fired for this shit. Fines that are just passed on to consumers don't work. Fired and banned for life from anything related to IT.




"Wrong does not cease to be wrong because the majority share in it." L.Tolstoy
"A government is just a body of people, usually, notably, ungoverned." Shepherd Book
 
Posts: 13223 | Location: In the gilded cage | Registered: December 09, 2007
Crusty old curmudgeon
Jimbo54
posted
Link?

Jim


________________________

"If you can't be a good example, then you'll have to be a horrible warning" -Catherine Aird
 
Posts: 9791 | Location: The right side of Washington State | Registered: September 14, 2008
quarter MOA visionary
smschulz
posted
Facts? Or at least a link to something?
 
Posts: 23418 | Location: Houston, TX | Registered: June 11, 2006
Member
lkdr1989
posted
Here you go, looks like this was reported a couple of weeks ago.


quote:

Comcast says hackers stole data of close to 36 million Xfinity customers

Carly Page (@carlypage_) / 4:45 AM PST, December 19, 2023

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.

This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August. Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China and international law firm Allen & Overy.

Xfinity, Comcast’s cable television and internet division, became the latest CitrixBleed victim, the company confirmed in a notice to customers on Monday.

The U.S. telecom giant said that hackers exploiting the CitrixBleed vulnerability had access to its internal systems between October 16 and October 19, but that the company did not detect the “malicious activity” until October 25.

By November 16, Xfinity determined that “information was likely acquired” by the hackers, and in December, the company concluded that this included customer data, including usernames and “hashed” passwords, which are scrambled and stored in a way that makes them unreadable to humans. It’s not immediately clear how the passwords were scrambled or using which algorithm, as some weaker hashing algorithms can be cracked.

The company says for an unspecified number of customers, hackers may have also accessed names, contact information, dates of birth, the last four digits of Social Security numbers and their secret questions and answers.

Comcast notes that “our data analysis is continuing, and we will provide additional notices as appropriate,” suggesting additional types of data may also have been accessed.

The notice doesn’t say how many Xfinity customers have been impacted, and Comcast spokesperson Joel Shadle declined to say when asked by TechCrunch. In a filing with Maine’s attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach. Comcast’s latest earnings report shows the company has more than 32 million broadband customers, suggesting this breach has impacted most, if not all Xfinity customers.

It’s not yet known whether Xfinity received a ransom demand, how the incident has impacted the company’s operators or whether the incident has been filed with the U.S. Securities and Exchange Commission, as required by the regulator’s new data breach reporting rules. Comcast’s spokesperson would not say.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” said Shadle in an email to TechCrunch.

Xfinity says it is requiring that customers reset their passwords and recommends the use of two-factor or multi-factor authentication — which the company doesn’t require by default — for all customer accounts.


https://techcrunch.com/2023/12...6-million-customers/




...let him who has no sword sell his robe and buy one. Luke 22:35-36 NAV

"Behold, I send you out as sheep in the midst of wolves; so be shrewd as serpents and innocent as doves." Matthew 10:16 NASV
 
Posts: 4408 | Location: Valley, Oregon | Registered: June 03, 2010
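The article above notes that it is unclear which algorithm Xfinity used to hash the stolen passwords, and that weaker schemes can be cracked. The following is an added example (not from TechCrunch, Comcast or anyone in this thread) showing concretely why that matters to a breach victim: the same small credential table is hashed once with unsalted SHA-1 and once with salted scrypt, and a dictionary attack is run against both. All usernames, passwords and the wordlist are constructed for the demo; nothing here is real Xfinity data. With an unsalted fast hash, one hash per wordlist entry cracks every user at once and identical hashes reveal shared passwords before anything is cracked; with a per-user salt and a memory-hard function, every (user, candidate) pair costs a full scrypt computation.

```python
"""Added example: why the hashing algorithm behind a leaked password table
decides how useful the dump is to an attacker.  All data below is constructed."""
import hashlib
import hmac
import os

# Constructed sample of what an attacker recovers from a dump (real dumps hold
# millions of rows; the shape is the same).  Plaintexts exist here only so the
# demo can build both hashed tables from them.
CONSTRUCTED_PLAINTEXTS = {
    "alice": "password1",
    "bob": "letmein",
    "carol": "z8#Kq!vR2m$Lp0wX",   # strong, appears in no wordlist
    "dave": "letmein",             # same password as bob
}

# Constructed wordlist; real attacks use hundreds of millions of entries.
CANDIDATES = ["123456", "password1", "letmein", "qwerty"]

# scrypt cost parameters (about 16 MiB per hash); a common recommended floor.
SCRYPT_N, SCRYPT_R, SCRYPT_P = 2**14, 8, 1


def sha1_hex(password):
    """Unsalted, fast hash: what a weak legacy scheme stores."""
    return hashlib.sha1(password.encode()).hexdigest()


def scrypt_store(password, salt=None):
    """Salted, memory-hard hash stored as 'salthex$dkhex'."""
    salt = salt if salt is not None else os.urandom(16)
    dk = hashlib.scrypt(password.encode(), salt=salt,
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return f"{salt.hex()}${dk.hex()}"


def scrypt_verify(password, stored):
    """Recompute with the stored salt and compare in constant time."""
    salt_hex, dk_hex = stored.split("$", 1)
    dk = hashlib.scrypt(password.encode(), salt=bytes.fromhex(salt_hex),
                        n=SCRYPT_N, r=SCRYPT_R, p=SCRYPT_P, dklen=32)
    return hmac.compare_digest(dk.hex(), dk_hex)


def build_tables(plaintexts):
    """Return the same leaked table in two forms: unsalted SHA-1 and scrypt."""
    weak = {u: sha1_hex(p) for u, p in plaintexts.items()}
    strong = {u: scrypt_store(p) for u, p in plaintexts.items()}
    return weak, strong


def crack_unsalted(table, candidates):
    """Hash each candidate ONCE, then look every user up in O(1).
    Returns (recovered, hash_computations)."""
    lookup = {sha1_hex(c): c for c in candidates}
    recovered = {u: lookup[h] for u, h in table.items() if h in lookup}
    return recovered, len(candidates)


def crack_salted(table, candidates):
    """Per-user salt removes the shared lookup: each (user, candidate) pair
    costs a full scrypt.  Returns (recovered, hash_computations)."""
    recovered, computations = {}, 0
    for user, stored in table.items():
        for c in candidates:
            computations += 1
            if scrypt_verify(c, stored):
                recovered[user] = c
                break
    return recovered, computations


def shared_password_groups(weak_table):
    """Unsalted hashes expose who shares a password before anything is cracked."""
    groups = {}
    for user, h in weak_table.items():
        groups.setdefault(h, []).append(user)
    return [sorted(users) for users in groups.values() if len(users) > 1]


if __name__ == "__main__":
    weak, strong = build_tables(CONSTRUCTED_PLAINTEXTS)
    print("unsalted SHA-1:", crack_unsalted(weak, CANDIDATES))
    print("salted scrypt :", crack_salted(strong, CANDIDATES))
    print("shared-password groups visible in SHA-1 table:", shared_password_groups(weak))
```

Run it as a script to see the two results side by side. Both attacks recover the weak passwords from this tiny wordlist, but the unsalted table costs four hash computations regardless of how many users it holds, while the scrypt table costs one slow hash per user per candidate and gives away nothing about which users share a password. This is why a forced reset after a breach is the right move whenever the hashing scheme is in doubt.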
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by lkdr1989:
Here you go, looks like this was reported a couple of weeks ago.
quote:
Xfinity says it is requiring that customers reset their passwords ...
Funny: I haven't received any such missive.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008
Member
konata88
posted
Sorry guys; I should have provided a public source. I just received an email and I didn't have a link handy. Thanks to lkdr for finding a source.

Interesting that the article is dated mid-Dec but just now receiving an email.... Seems like an email should have gone out first....

ETA: confirming that their website requires you to reset your pwd when you try to log in. Also, once you log in, there is banner that indicates the breach.




"Wrong does not cease to be wrong because the majority share in it." L.Tolstoy
"A government is just a body of people, usually, notably, ungoverned." Shepherd Book
 
Posts: 13223 | Location: In the gilded cage | Registered: December 09, 2007
Jodel-Time
Mboroman
posted
quote:
Originally posted by konata88:
Interesting that the article is dated mid-Dec but just now receiving an email.... Seems like an email should have gone out first....



I got my email about 2 weeks ago and changed my password then. It seems as though they are sending out emails in batches; perhaps to keep their system from being overwhelmed? Otherwise, I would think that if the breach was that severe, they would want all customers to know and change their passwords immediately.
 
Posts: 577 | Location: Middle Tennessee | Registered: May 16, 2007
Member
uvahawk
posted
Shameful the way Xfinity has handled this "breach". Initially, the only communication I received was that I needed to change my password--no explanation of why. I also note that as of today Xfinity has not/repeat not offered "free" credit monitoring, as several other companies have done when breaches have occurred--only advice on how to monitor your credit. But they have been very good at notifying me of coming price increases! Note: I am a bit annoyed because I have also received notification that medical practices have been breached, but at least they offered "free" credit monitoring services.
 
Posts: 249 | Location: Low Country, South Carolina | Registered: November 28, 2004
Conveniently located directly above the center of the Earth
signewt
posted
We got a longish review of the BREACH issues yesterday from xfinity.

After 20 years on line with them, security continues ever downward for ever higher monthly fees.
 
Posts: 9880 | Location: sunny Orygun | Registered: September 27, 2009
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by konata88:
ETA: confirming that their website requires you to reset your pwd when you try to log in. Also, once you log in, there is banner that indicates the breach.
Fascinating. Apparently Comcast Business High-Speed Internet is entirely separate from regular Xfinity cable/Internet, because I logged in just now and there was no mention of a breach nor demand that I change my password.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008
Shall Not Be Infringed
nhracecraft
posted
What a fucking half-assed organization! From their 'Notice To Customers of Data Security Incident'

quote:
What Happened? On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide. At the time Citrix made this announcement, it released a patch to fix the vulnerability. Citrix issued additional mitigation guidance on October 23, 2023. We promptly patched and mitigated our systems.

However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability. We notified federal law enforcement and conducted an investigation into the nature and scope of the incident. On November 16, 2023, it was determined that information was likely acquired.

Does the 'I' in IT stand for Imbeciles? They're literally stating that Citrix announced the vulnerability on 10/10/23 AND concurrently with that announcement, released a patch to fix the vulnerability. Then Citrix provided additional guidance on 10/23/23. Presumably they (Xfinity) moved forward with the mitigation, and 'promptly patched' their systems AFTER that date!

Subsequently, they discovered that between 10/16 and 10/19 they were breached.

It would appear from their statement, that Citrix was out ahead on this, but they (Xfinity) sat on the patch and did nothing for THIRTEEN DAYS...AND in the interim, the breach occurred. WTAF! Roll Eyes

They knew of the problem/vulnerability, had the solution in hand, and did nothing! Can you say CLASS ACTION LAWSUIT? Mad


____________________________________________________________

If Some is Good, and More is Better.....then Too Much, is Just Enough !!
Trump 2024....Make America Great Again!
"May Almighty God bless the United States of America" - parabellum 7/26/20
Live Free or Die!
 
Posts: 9660 | Location: New Hampshire | Registered: October 29, 2011
Member
konata88
posted
quote:
What Happened? On October 10, 2023, one of Xfinity’s software providers, Citrix, announced a vulnerability in one of its products used by Xfinity and thousands of other companies worldwide. At the time Citrix made this announcement, it released a patch to fix the vulnerability. Citrix issued additional mitigation guidance on October 23, 2023. We promptly patched and mitigated our systems.


2 questions come to mind off the bat: who cares if 'thousands of other companies worldwide' use the same products; how many of those other companies are similar to xfinity? The question is why xfinity chose it relative to other products that didn't have the weakness. And whether the basis is reasonable or not and whether other measures to protect data could have been taken. For example, did they just go w/ the cheapest option? Or was it reasonably the best or at least better than average option but still had vulnerabilities? The second question is how many of those other thousands of companies experienced a breach, at least those companies that are similar sized enterprise with similar services provided. Was xfinity singularly breached?




"Wrong does not cease to be wrong because the majority share in it." L.Tolstoy
"A government is just a body of people, usually, notably, ungoverned." Shepherd Book
 
Posts: 13223 | Location: In the gilded cage | Registered: December 09, 2007
quarter MOA visionary
smschulz
posted
quote:
Originally posted by nhracecraft:

Then they discovered that between 10/16 and 10/19 they were breached.

It would appear from their statement, that Citrix was out ahead on this, but they (Xfinity) sat on the patch and did nothing for THIRTEEN DAYS, AND in the interim, the breach occurred. WTAF! Roll Eyes

Can you say CLASS ACTION LAWSUIT? Mad




I suppose you think that the seven minutes of George Bush during 9/11 was appalling too. Eek

You know IT companies are hit with updates from every angle to deploy all the time.
Most all of the time "there is nothing to see here".
Every company IT Dept. has to do their due diligence before every deployment, then schedule and deploy, sometimes taking quite an impact on the network, something they have to consider.

So the peanut gallery "Class Action Lawsuit" gets my > Roll Eyes .
 
Posts: 23418 | Location: Houston, TX | Registered: June 11, 2006
Shall Not Be Infringed
nhracecraft
posted
^^^THIRTEEN DAYS dude! They knew of the problem/vulnerability, had the solution in hand, and did nothing! I guess they gambled and chose poorly then! Meanwhile maybe the THOUSANDS of other companies saw this as a high priority, simply implemented the patch!


____________________________________________________________

If Some is Good, and More is Better.....then Too Much, is Just Enough !!
Trump 2024....Make America Great Again!
"May Almighty God bless the United States of America" - parabellum 7/26/20
Live Free or Die!
 
Posts: 9660 | Location: New Hampshire | Registered: October 29, 2011
Nullus Anxietas
ensigmatic
posted
quote:
Originally posted by smschulz:
So the peanut gallery "Class Action Lawsuit" gets my > Roll Eyes .
Indeed Roll Eyes
quote:
Originally posted by nhracecraft:
^^^THIRTEEN DAYS dude!
Managed a lot of big networks have you, dude?
quote:
Originally posted by nhracecraft:
They knew of the problem/vulnerability, had the solution in hand, and did nothing!
You don't know that.

In a network the size and complexity of Comcast/Xfinity's one does not simply take any and every patch that comes down the pipe, apply it, and go home.

In addition to supplying network connectivity to their own direct customers, Comcast is a major backbone/transit supplier. Did you know that?
quote:
Originally posted by nhracecraft:
Meanwhile maybe the THOUSANDS of other companies saw this as a high priority, simply implemented the patch!
You don't know that, either.

Maybe Comcast/Xfinity screwed-up. Maybe they didn't. (My suspicion is they did, in one way or another.) But, having BTDT, I certainly am not going to be quite so quick to condemn them.

Then again: I have managed large-ish Corporate networks, so there's that.



"America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe
"If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher
 
Posts: 26032 | Location: S.E. Michigan | Registered: January 06, 2008
Shall Not Be Infringed
nhracecraft
posted
^^^We're not talking about what YOU or smschulz, or any other IT visionaries have done here. I've had the SIGNIFICANT displeasure of being a Comcast customer for over 25 years. During that time they've developed/exhibited a distinct track record of incompetence, and IME their business practices have been littered w/ examples of deception, deflection and dishonesty, so forgive me if I've got an opinion on their actions/in-actions here!

How you can even go so far as to say that 'maybe they did, or maybe they didn't screw up' (but you suspect that they did!), and yet when I take their printed words and point out the obvious, opine that I'm somehow not qualified to do so because I 'may' not have retired from a career in IT is a bit much.

They literally say they had the patch, and didn't use it for AT LEAST 13 days! While I'm not surprised in the least that they could fuck something up so royally, I am completely shocked that they actually put that in print! Honestly, it's a bit shocking to see ANYBODY defending Comcast/Xfinity at this point, but hey what do I know!

It is really cute how you nitpick your way through a post so you can dissect it and apply your criticism(s) sentence by sentence though. Roll Eyes


____________________________________________________________

If Some is Good, and More is Better.....then Too Much, is Just Enough !!
Trump 2024....Make America Great Again!
"May Almighty God bless the United States of America" - parabellum 7/26/20
Live Free or Die!
 
Posts: 9660 | Location: New Hampshire | Registered: October 29, 2011
quarter MOA visionary
smschulz
posted
quote:
Originally posted by nhracecraft:


They literally say they had the patch, and didn't use it for AT LEAST 13 days! While I'm not surprised in the least that they could fuck something up so royally, I am completely shocked that they actually put that in print!
Honestly, it's a bit shocking to see ANYBODY defending Comcast/Xfinity at this point, but hey what do I know!




It's almost comical how serious you are when all you know is "thirteen days".
Like ensigmatic said, you don't know anything, and we are talking about the facts of the issues, not the credentials of who is speaking.
The one thing though that IT in general does is try to look at the entire scenario objectively and completely and not succumb to emotions.
The "measure twice, cut once" we learned from Norm Abrams is more how we think.
We get it that you think this was incompetence, however it can be complicated to come to that conclusion without all the factors.
But go ahead and bloviate on if you wish, you are still entitled to your opinion.
 
Posts: 23418 | Location: Houston, TX | Registered: June 11, 2006
© SIGforum 2024