Social Security Numbers at Risk for Some Xfinity Customers: More than 35 million users of Xfinity, which is owned by Comcast, have been affected by a big data breach.
Besides showing a growing trend among hackers, this breach also leaves millions of Americans very vulnerable.
Social Security Numbers at Risk for Some Xfinity Customers
Earlier this month, Xfinity sent a notice to users telling them that between Oct. 16 and 19, this weakness allowed hackers to get into internal systems without permission. This vulnerability had already been reported by software provider Citrix.
The “suspicious activity” was found by Xfinity on October 25. Over the next few months, they found that information was “likely acquired.” The company said on December 6 that the information included hashed passwords and usernames. For some customers, it also included the last four digits of their Social Security numbers, account security questions, birthdates, and contact information.
Editor of Scamicide.com and lawyer Steven Weisman says the Xfinity data breach is especially bad for customers because hackers got to the last four digits of their Social Security numbers. Hackers can easily get the first five numbers, which tell them where you live and where your card was created.
Weisman said, “If a criminal has the last four digits, the first three are easy for them to figure out and the second set isn’t too hard to get. This puts a lot of people at risk of identity theft.”
To stop this from happening, the government began giving out random Social Security numbers in 2011.
Also, these hacks are really bad. They didn’t really hack into Xfinity, but they put their malware into software that Xfinity bought. Weisman calls these hacks “supply chain” hacks, and he says they are becoming more common.
“They put their bad software into good software.” He said, “Comcast gets some accounting software that they have no reason to believe is hacked, and then all of a sudden, the malware is in it, and personal data is stolen.”
Xfinity told The Associated Press on Dec. 19 that it “not aware of any customer data being leaked anywhere, nor of any attacks on our customers” and that the breach is still being looked into.
About 35.9 million people were harmed by this breach, according to a report filed with Maine’s office of the attorney general. The company wouldn’t confirm a particular number, but said that the number in the file is for user IDs.
Too many data hacks happen all the time, like this one. Customers of Xfinity are being asked to keep an eye on their credit, change their passwords, and sign up for a two-step verification process. Credit should also be frozen, and credit reports should be checked often.
You can freeze your credit for free, and it will keep someone from using your name to buy big things, even if they have your social security number. You can find out more about how to freeze your credit on USA.gov.