Xfinity notifies customers of data breach due to “software vulnerability”
01/03/2024 // Zoey Sky // Views

Xfinity, the Comcast-owned telecommunications business, announced in December that hackers accessed customers' personal information by exploiting a vulnerability in software used by the company.

In a notice to customers, Xfinity announced that there was unauthorized access to internal systems because of this vulnerability between Oct. 16 and 19, 2023.

The alleged software vulnerability was previously announced by software provider Citrix.

Xfinity discovered the "suspicious activity on Oct. 25 and in the succeeding months concluded that the hackers "likely acquired" data.

On Dec. 6, Xfinity said the accessed information included customer usernames and hashed passwords. The hackers also acquired data such as the last four digits of Social Security numbers, account security questions, birthdates and contact information of some customers.

An investigation on the breach is still ongoing, but in a statement, Xfinity claimed that it is "not aware of any customer data being leaked anywhere, nor of any attacks on our customers."

Xfinity also advised customers to reset their passwords and strongly recommended two-factor or multifactor authentication to boost account security.

A filing with Maine's office of the Attorney General revealed that at least 35.9 million people were affected by the breach. The company declined to confirm a specific number, but it said that the filing's figure represents user IDs.

According to a recent earnings release, Philadelphia-based Comcast has more than 32 million broadband customers.

Aside from Xfinity, Citrix provides software to thousands of companies around the world. The vulnerability, named "Citrix Bleed," has also been associated with other hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.

Under new rules, the Securities Exchange Commission (SEC) now requires public companies to disclose all cybersecurity breaches that could affect their bottom lines at least within four days of determining a breach is material.

As of Dec. 19, there were no SEC filings from Comcast about the data breach and the company did not immediately address it. (Related: Apple releases emergency software update after Pegasus spyware breach.)

Internet safety tips

As technology advances and hackers become more determined, data breaches have become more common. Follow the internet safety tips below to help improve your account security and protect your account information:

Use unique passwords for all accounts

Hackers often have a great success rate even if they only steal a batch of username and password combinations from one source because they can then steal information by trying those same combinations on other accounts.

For example, hackers can get your username and password by hacking an email provider. They will then try to log into banking sites or major online stores using the same username and password combination.

The best way to prevent one data breach from having a catastrophic domino effect is to always use a strong and unique password for all your online accounts.

Turn on multi-factor authentication

Multi-factor authentication adds one more step to account log-ins, but it can help make your accounts more secure. Multi-factor authentication means you need to pass another layer of authentication, not just a username and password, to access your accounts.

If the data or personal information in your account is sensitive or valuable, and the account offers multi-factor authentication, it's best to enable it. Online services like Gmail and Dropbox offer multi-factor authentication.

Multi-factor authentication verifies your identity using at least two out of three different forms of authentication:

  • Something you know is your password.
  • Something you are could mean authentication using your fingerprint, or through facial recognition.
  • Something you have could be your smartphone. Alternatively, you might be asked to enter a code sent via text or tap a confirmation button on a mobile app. It could also be a physical Security Key; both Google and Microsoft have announced the move push toward this kind of authentication.

Visit for similar stories about hacking and cyber attacks.

Watch the video below discussing the truth about the New Zealand vaccine data breach.

This video is from the Tammy Cuthbert Garcia channel on

More related stories:

Google allows users to have their explicit photos removed from search results.

Pizza Hut Australia HACKED! Data security breach exposes customers’ personal information.

Hunter Biden sues IRS whistleblowers for BREACH OF PRIVACY over tax probe.

Sources include:

Take Action:
Support Natural News by linking to this article from your website.
Permalink to this article:
Embed article link:
Reprinting this article:
Non-commercial use is permitted with credit to (including a clickable link).
Please contact us for more information.
Free Email Alerts
Get independent news alerts on natural cures, food lab tests, cannabis medicine, science, robotics, drones, privacy and more.
App Store
Android App
eTrust Pro Certified

This site is part of the Natural News Network © 2022 All Rights Reserved. Privacy | Terms All content posted on this site is commentary or opinion and is protected under Free Speech. Truth Publishing International, LTD. is not responsible for content written by contributing authors. The information on this site is provided for educational and entertainment purposes only. It is not intended as a substitute for professional advice of any kind. Truth Publishing assumes no responsibility for the use or misuse of this material. Your use of this website indicates your agreement to these terms and those published here. All trademarks, registered trademarks and servicemarks mentioned on this site are the property of their respective owners.

This site uses cookies
Natural News uses cookies to improve your experience on our site. By using this site, you agree to our privacy policy.
Learn More
Get 100% real, uncensored news delivered straight to your inbox
You can unsubscribe at any time. Your email privacy is completely protected.