this post was submitted on 19 Dec 2023
186 points (100.0% liked)

Technology

58012 readers
3094 users here now

This is a most excellent place for technology news and articles.

Our Rules

  1. Follow the lemmy.world rules.
  2. Only tech related content.
  3. Be excellent to each another!
  4. Mod approved content bots can post up to 10 articles per day.
  5. Threads asking for personal tech support may be deleted.
  6. Politics threads may be removed.
  7. No memes allowed as posts, OK to post as comments.
  8. Only approved bots from the list below, to ask if your bot can be added please contact us.
  9. Check for duplicates before posting, duplicates may be removed

Approved Bots

founded 1 year ago
MODERATORS
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
[email protected]
186
Comcast says hackers stole data of close to 36 million Xfinity customers (techcrunch.com)
submitted 8 months ago by [email protected] to c/[email protected]
17 comments fedilink hide all child comments
 

Comcast says hackers stole data of close to 36 million Xfinity customers::Hackers exploited a known but unpatched flaw, allowing hackers access to the sensitive information of almost 36 million Comcast customers.

top 17 comments
sorted by: hot top controversial new old
[–] [email protected] 48 points 8 months ago* (last edited 8 months ago) (1 children)

Basically this data included customer details on 36 million customers, and Xfinity only has 32 million active customers...

They've already admitted it includes all plaintext customer details (names, address, last 4 SSN, etc.), and their password hashes, but no info on what hashing function was used to make them, or if they were salted.

This is just what they've admitted. Who wants to place bets on whether they also got all the customer data that shouldn't be legal to collect, but is e.g. browsing habits, traffic analysis, user/household metadata?

[–] [email protected] 5 points 8 months ago (2 children)

They don’t seem to allow account deletions. Does it mean that this could include accounts that they still keep but people don’t use their services anymore?

[–] [email protected] 3 points 8 months ago

It could be account information from partnerships e.g. bundles, old customers, subsidiary companies, or something else entirely.

Your guess is as good as mine.

[–] [email protected] 1 points 8 months ago

I would expect that number to be much higher than 4 million.

[–] [email protected] 17 points 8 months ago (2 children)

Imagine if your connection history got leaked by this.

[–] [email protected] 2 points 8 months ago

"Whoa holy shit this dude looks at a fucking ton of yiff every day"

(not me since I use an encrypted DNS provider... but someone like me)

[–] [email protected] 0 points 8 months ago (1 children)

a good reason to always have your vpn on

[–] [email protected] 2 points 8 months ago (2 children)

That way your info only gets exposed when the VPN sells it

[–] [email protected] 6 points 8 months ago

Depends on what VPN

[–] [email protected] 2 points 8 months ago* (last edited 8 months ago)

only if you choose one that logs data.

an ISP-only approach is objectively worse in every way: not only you often don't even have an option to choose between them, but they have all your private info, are subject to your country's laws, and they're known to log and report data to 3 letter agencies, data that can probably also be stolen or purchased by other bad actors.

[–] [email protected] 13 points 8 months ago

with their website taking inexplicably long (~1min) to load a simple user settings page, I'm considering practicing some pentesting to be able to change my own info.

[–] [email protected] 9 points 8 months ago (1 children)

I’m so used to having my personal info leaked. Sony, T-Mobile, Experian, LastPass, Comcast… what an incredible world we live in.

[–] [email protected] 3 points 8 months ago (1 children)

Can i have yer credit card number?

[–] [email protected] 8 points 8 months ago

Sure, it’s available in several databases you can find on some very credible sites 🤣

[–] [email protected] 7 points 8 months ago

I was wondering why they just forced a password change.

[–] [email protected] 4 points 8 months ago

Oh no, this will surely tarnish Comcast's spotless reputation.

[–] [email protected] 3 points 8 months ago

This is the best summary I could come up with:

Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.

This vulnerability, known as “CitrixBleed,” is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August.

Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.

Xfinity, Comcast’s cable television and internet division, became the latest CitrixBleed victim, the company confirmed in a notice to customers on Monday.

The notice doesn’t say how many Xfinity customers have been impacted, and Comcast spokesperson Joel Shadle declined to say when asked by TechCrunch.

In a filing with Maine’s attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach.

The original article contains 446 words, the summary contains 139 words. Saved 69%. I'm a bot and I'm open source!