Hackers Gained Access To The Sensitive Data Of 36 Million Comcast Customers
Hackers have managed to obtain the personal data of 36 million Comcast customers.
In a notice sent to customers on Monday, Comcast announced that hackers had exploited the CitrixBleed" vulnerability in Citrix networking devices that's been a problem since at least August. Hackers gained access to a significant portion of Comcast systems between October 16 and October 19, but the company didn't notice the intrusion until October 25.
It's taken almost two months for Comcast to identify the scope of the intrusion, determine what data was accessed, and inform customers of the hack, which gave the hackers access to usernames, security questions, contact information, dates of birth, the last four digits of user social security numbers, and hashed passwords (Comcast doesn't say what encryption algorithm was used).
Comcast attempted to downplay the scope of the hack by insisting they haven't (yet) seen any instance of the data being used against Comcast customers. Not that they'd have any way to actually know that:
We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers"
Comcast currently has around 32.3 million broadband customers (and dropping), and 14 million or so TV customers (dropping even faster). I'm a broadband customer (Comcast has a monopoly at my address) and have yet to receive any notification whatsoever.
The Comcast hack - and the telecom giant's 8 week delay in informing customers - comes as the FCC is considering new rules that would require broadband providers to do a better, faster job informing customers about data breaches. The effort is being uniformly opposed by Republicans, who consistently side with big telecom when it comes to the industry's never-ending quest for zero accountability.