Security News > 2023 > December > Millions of Xfinity customers' info, hashed passwords feared stolen in cyberattack

Millions of Xfinity customers' info, hashed passwords feared stolen in cyberattack
2023-12-19 20:43

Millions of Comcast Xfinity subscribers' personal data - including potentially their usernames, hashed passwords, contact details, and secret security question-answers - was likely stolen by one or more miscreants exploiting Citrix Bleed in October.

As of December 6, the potentially stolen customer data includes usernames and hashed passwords, the internet provider said.

Hashed passwords, for those who don't know, are one-way encrypted passwords: you can't directly figure out someone's actual password from their hashed password, though miscreants can attempt to deduce people's passwords from the hashes.

Whether those crooks are successful or not depends on the algorithm and method used by Comcast to create the hashes, and how strong the passwords were to begin with.

Xfinity is now requiring subscribers to reset their passwords, and "Strongly recommends" enabling two- or multi-factor authentication.

As always, please don't reuse passwords across multiple accounts.


News URL

https://go.theregister.com/feed/www.theregister.com/2023/12/19/comcast_xfinity_hacked/