Comcast Xfinity data breach affects over 35 million people

Comcast's Xfinity said on Monday there was unauthorized access to its internal systems between Oct. 16 and Oct. 19.Xfinity, which provides video, broadband and phone services, said it had notified federal law enforcement and started an investigation.

Comcast said in a filing with Maine's attorney general's office that the hack affected 35.8 million people, with the media and technology giant notifying customers of the attack through its website and by email, the company said Monday. The intrusion stems from a vulnerability in software from cloud computing company Citrix, according to Comcast.

Although Citrix patched the vulnerability in October, Xfinity learned that unauthorized users gained access to its internal systems sometime between October 16 and October 19, revealing customer data. For some people, that included their names, contact information, account usernames and passwords, birthdates, parts of their Social Security numbers and answers to their security questions.

All Xfinity customers - even those whose accounts might not have been breached - must reset their usernames and passwords, according to Comcast. Xfinity is also encouraging subscribers to use two-factor authentication to secure their accounts.

In addition to Xfinity, Citrix provides software to thousands of companies around the world. The previously-announced vulnerability, dubbed "Citrix Bleed," has also been linked to hacks targeting the Industrial and Commercial Bank of China's New York arm and a Boeing subsidiary, among others.

Read more -here-

• Mozilla updates Firefox terms again after backlash over broad data license language
• Skype is shutting down after two decades
• OpenWrt debuts "unbrickable" hacker-friendly, security-focused wireless router
• Amazon debuts new Alexa+ AI voice assistant
• Microsoft tests ad-supported Office apps for Windows users
• Google is replacing Gmail's SMS authentication with QR codes