this post was submitted on 31 Dec 2023
19 points (75.7% liked)

Security

5005 readers
1 users here now

Confidentiality Integrity Availability

founded 4 years ago
MODERATORS
top 2 comments
sorted by: hot top controversial new old
[–] [email protected] 5 points 10 months ago

I received one email about the incident, formatted in such a way that it read like a phishing attempt. I had to look it up to even find out that this was a real thing.

However what REALLY pisses me off about them leaking my information is that I haven't even been a customer for the past 8 years! Maybe take a hint already? The only way these companies will stop screwing us over is when it begins to cost them money, but they know most of us don't have the financial means to sue them.

[–] [email protected] 3 points 10 months ago

This is the best summary I could come up with:


While Xfinity now says it patched the security hole, it later uncovered suspicious activity on its internal systems “that was concluded to be a result of this vulnerability.”

The hack resulted in the theft of customer usernames and hashed passwords, according to Xfinity’s notice.

Meanwhile, “some customers” may have had their names, contact information, the last four digits of their social security numbers, dates of birth, and / or secret questions and answers exposed.

Xfinity will automatically ask customers to change their passwords the next time they log in to their accounts, and it’s also encouraging users to turn on two-factor authentication.

You can find the full notice, including contact information for the company’s incident response team, on Xfinity’s website.

Update December 19th, 9:26AM ET: Added the number of people affected by the breach and additional detail on the “Citrix Bleed” vulnerability.


The original article contains 411 words, the summary contains 142 words. Saved 65%. I'm a bot and I'm open source!