Member |
Heads-up. Sounds like xfinity suffered a data breach which includes username, hashed password, challenge questions/responses, last four of SSN, DOB, other contact info. Event occurred in Oct but are only now reporting the incident publicly. People need to be fired for this shit. Fines that are just passed on to consumers don't work. Fired and banned for life from anything related to IT. "Wrong does not cease to be wrong because the majority share in it." L.Tolstoy "A government is just a body of people, usually, notably, ungoverned." Shepherd Book | ||
|
Crusty old curmudgeon |
Link? Jim ________________________ "If you can't be a good example, then you'll have to be a horrible warning" -Catherine Aird | |||
|
quarter MOA visionary |
Facts? Or at least a link to something? | |||
|
Member |
Here you go, looks like this was reported a couple of weeks ago.
https://techcrunch.com/2023/12...6-million-customers/ ...let him who has no sword sell his robe and buy one. Luke 22:35-36 NAV "Behold, I send you out as sheep in the midst of wolves; so be shrewd as serpents and innocent as doves." Matthew 10:16 NASV | |||
|
Nullus Anxietas |
Funny: I haven't received any such missive. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Member |
Sorry guys; I should have provided a public source. I just received an email and I didn't have a link handy. Thanks to lkdr for finding a source. Interesting that the article is dated mid-Dec but just now receiving an email.... Seems like an email should have gone out first.... ETA: confirming that their website requires you to reset your pwd when you try to log in. Also, once you log in, there is a banner that indicates the breach. "Wrong does not cease to be wrong because the majority share in it." L.Tolstoy "A government is just a body of people, usually, notably, ungoverned." Shepherd Book | |||
|
Jodel-Time |
I got my email about 2 weeks ago and changed my password then. It seems as though they are sending out emails in batches; perhaps to keep their system from being overwhelmed? Otherwise, I would think that if the breach was that severe, they would want all customers to know and change their passwords immediately. | |||
|
Member |
Shameful the way Xfinity has handled this "breach". Initially, the only communication I received was I needed to change my password--no explanation of why. I also note that as of today Xfinity has not/repeat not offered "free" credit monitoring as several other companies have done when breaches have occurred--only advice on how to monitor your credit. But they have been very good at notifying me of coming price increases! Note: I am a bit annoyed because I have also received notification that medical practices have been breached, but at least they offered "free" credit monitoring services. | |||
|
Conveniently located directly above the center of the Earth |
We got a longish review of the BREECH issues yesterday from xfinity. After 20 years on line with them, security continues ever downward for ever higher monthly fees. | |||
|
Nullus Anxietas |
Fascinating. Apparently Comcast Business High-Speed Internet is entirely separate from regular Xfinity cable/Internet, because I logged-in just now and there was no mention of a breach nor demand I change my password. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Shall Not Be Infringed |
What a fucking half-assed organization! From their 'Notice To Customers of Data Security Incident'
Does the 'I' in IT stand for Imbeciles? They're literally stating that Citrix announced the vulnerability on 10/10/23 AND concurrently with that announcement, released a patch to fix the vulnerability. Then Citrix provided additional guidance on 10/23/23. Presumably they (Xfinity) moved forward with the mitigation, and 'promptly patched' their systems AFTER that date! Subsequently, they discovered that between 10/16 and 10/19 they were breached. It would appear from their statement, that Citrix was out ahead on this, but they (Xfinity) sat on the patch and did nothing for THIRTEEN DAYS...AND in the interim, the breach occurred. WTAF! They knew of the problem/vulnerability, had the solution in hand, and did nothing! Can you say CLASS ACTION LAWSUIT? ____________________________________________________________ If Some is Good, and More is Better.....then Too Much, is Just Enough !! Trump 2024....Make America Great Again! "May Almighty God bless the United States of America" - parabellum 7/26/20 Live Free or Die! | |||
|
Member |
2 questions come to mind off the bat: who cares if 'thousands of other companies worldwide' use the same products; how many of those other companies are similar to xfinity? The question is why xfinity chose it relative to other products that didn't have the weakness. And whether the basis is reasonable or not and whether other measures to protect data could have been taken. For example, did they just go w/ the cheapest option? Or was it reasonably the best or at least better than average option but still had vulnerabilities? The second question is how many of those other thousands of companies experienced a breach, at least those companies that are similar sized enterprise with similar services provided. Was xfinity singularly breached? "Wrong does not cease to be wrong because the majority share in it." L.Tolstoy "A government is just a body of people, usually, notably, ungoverned." Shepherd Book | |||
|
quarter MOA visionary |
I suppose you think that the seven minutes of George Bush during 9/11 was appalling too. You know IT companies are hit with updates from every angle to deploy all the time. Most all of the time "there is nothing to see here". Every company IT Dept. has to do their due diligence before every deployment, then schedule and deploy ~ sometimes taking quite an impact on the network, something they have to consider. So the peanut gallery "Class Action Lawsuit" gets my > . | |||
|
Shall Not Be Infringed |
^^^THIRTEEN DAYS dude! They knew of the problem/vulnerability, had the solution in hand, and did nothing! I guess they gambled and chose poorly then! Meanwhile maybe the THOUSANDS of other companies saw this as a high priority, simply implemented the patch! ____________________________________________________________ If Some is Good, and More is Better.....then Too Much, is Just Enough !! Trump 2024....Make America Great Again! "May Almighty God bless the United States of America" - parabellum 7/26/20 Live Free or Die! | |||
|
Nullus Anxietas |
Indeed Managed a lot of big networks have you, dude? You don't know that. In a network the size and complexity of Comcast/Xfinity's one does not simply take any and every patch that comes down the pipe, apply it, and go home. In addition to supplying network connectivity to their own direct customers, Comcast is a major backbone/transit supplier. Did you know that? You don't know that, either. Maybe Comcast/Xfinity screwed-up. Maybe they didn't. (My suspicion is they did, in one way or another.) But, having BTDT, I certainly am not going to be quite so quick to condemn them. Then again: I have managed large-ish Corporate networks, so there's that. "America is at that awkward stage. It's too late to work within the system,,,, but too early to shoot the bastards." -- Claire Wolfe "If we let things terrify us, life will not be worth living." -- Seneca the Younger, Roman Stoic philosopher | |||
|
Shall Not Be Infringed |
^^^We're not talking about what YOU or smschulz, or any other IT visionaries have done here. I've had the SIGNIFICANT displeasure of being a Comcast customer for over 25 years. During that time they've developed/exhibited a distinct track record of incompetence, and IME their business practices have been littered w/ examples of deception, deflection and dishonesty, so forgive me if I've got an opinion on their actions/in-actions here! How you can even go so far as to say that 'maybe they did, or maybe they didn't screw up' (but you suspect that they did!), and yet when I take their printed words and point out the obvious, opine that I'm somehow not qualified to do so because I 'may' not have retired from a career in IT is a bit much. They literally say they had the patch, and didn't use it for AT LEAST 13 days! While I'm not surprised in the least that they could fuck something up so royally, I am completely shocked that they actually put that in print! Honestly, it's a bit shocking to see ANYBODY defending Comcast/Xfinity at this point, but hey what do I know! It is really cute how you nitpick your way through a post so you can dissect it and apply your criticism(s) sentence by sentence though. ____________________________________________________________ If Some is Good, and More is Better.....then Too Much, is Just Enough !! Trump 2024....Make America Great Again! "May Almighty God bless the United States of America" - parabellum 7/26/20 Live Free or Die! | |||
|
quarter MOA visionary |
It's almost comical how serious you are when all you know is "thirteen days". Like ensigmatic said, you don't know anything, and we are talking about the facts of the issues not the credentials of who is speaking. The one thing though that IT in general does is try to look at the entire scenario objectively and completely and not succumb to emotions. The measure twice, cut once we learned from Norm Abrams is more how we think. We get it that you think this was incompetence, however it can be complicated to come to that conclusion without all the factors. But go ahead and bloviate on if you wish, you are still entitled to your opinion. | |||
|