Xfinity users forced to change passwords after hackers strike 36M customers

UPI
Nearly 36 million Xfinity customers have had their data hacked, including passwords, security question answers, user names and last four digits of Social Security numbers in some cases. The company said data analysis is continuing. Photo via Wikimedia Creative Commons license

Dec. 20 (UPI) -- Xfinity is notifying its customers that a data breach gave hackers access to the personal information of 36 million customers, nearly all of Xfinity's customers.

The data included passwords, user names and security-question answers.

An Xfinity notice to customers this week said that the hack was due to a vulnerability in Citrix software that was patched. Subsequently, Xfinity discovered that hackers had nonetheless gained access to customers' personal data.

"After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers," the Xfinity notice said.

The company said that the data analysis is continuing. The hack was found during a routine cybersecurity exercise, according to Xfinity.

Cloud computing company Citrix had announced a vulnerability in its software Oct. 10 and issued mitigation guidance Oct. 23.

On Oct. 25, Xfinity said, it discovered "suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability."

Xfinity required users to reset their passwords and strongly recommended that its customers enable two-factor authentication to secure their accounts.

It also warned customers not to reuse passwords across multiple platforms.