Xfinity Data Breach
 

This am I received an email from Xfinity involving a data breach with instructions. Citrix a software provider had a security breach of users personal info in Oct 2023. My email was very lengthy and gave Xfinity numbers and web site to go to. Called the number to verify information. Yes, this was sent by Xfinity. We changed our password as instructed. Has anyone else received this email?
Googled this also and found many news reports on this breach.

Yup, it definitely happened. Changed our password and got a phishing email looking for updated credit card information from an Xfinity imposter that went straight to junk. Be careful out there. Not to cross thread, but I can’t believe how many misguided folks are out there that support moving to a cashless society. The incredible amount of data theft going on is very dangerous stuff! I feel much more confident and safer defending my cash than I do with electronic data.

We saw the initial news article, then got the email several days later, but I had already changed our password. I guess I am lucky(??), this is around the 10th time I have been the victim of a data breach. I am currently under several years of free fraud monitoring.

I didn’t receive an email but when I talked to Comcast because a package added, Now TV, which they said would be added free if I upgrade something, but was actually billed for it anyways. To go into my account I had to change my password.

No email. But when I accessed my account, they made me change my password.

From the notice on the Xfinity webpage:

The next time you login to your Xfinity account, you will be prompted to change your password, if you haven’t been asked to do so already.

Got the email before Christmas, even though we haven’t had xfinity since 2/2023

Potentially all of a users security info was compromised.

Unique passwords and a password manager are your friend.

We got a letter and have changed our password and shortly we will look at xfinity in our rear view mirror

I am flat out sick and tired of all these data breaches. Companies require us to use electronic systems but then don't provide adequate protection because they don't want to pay for the best. I wish there was some type of recourse for their failure to protect our info. I'M MAD AS HELL AND I'M NOT GOING TO TAKE IT ANYMORE! .......(there, I said it. I think I'll go have another cup of coffee and relax the rest of the day)

I received that e-mail yesterday and printed it out ( only 2 pages) so I have all the info needed in case I need to notify these credit companies in the future. Also changed my password several weeks ago.

Get out that password notebook to update often. Lots of data breaches and cyber attacks will be coming. These attacks are going to be the new chaos "normal" for 2024 according to the powers that be that somehow always know these things.

Expanding on breaches, it's a good thing we have our roundabouts in T V and not so many red lights directed by cyber power grids. T V 4-way stops at Sumter Landing create "doe-eyed" looks of confusion. Don't even want to imagine outside of the bubble red lights going to 4-way stop status due to a cyber event with no first responder assistance available.

Happy to be living in the best bubble ever!

(topcfha agree. Wizzard of Oz run cyber $, no thanks)

I changed a while ago. What do these people get out of it?

Did the data breach include credit card information?

It would be best to read the Xfinity announcement.

Part of it reads:

What Information Was Involved? On December 6, 2023, we concluded that the information included usernames and hashed passwords. For some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.

Thanks, I have Xfinity but didn't get an email.

I imagine that is a fairly common reaction among people, given the plethora of stories about data breaches, online fraud, etc. etc. Probably especially so among we Boomers, who came of age and lived as young adults in a totally different reality.

I sometimes think my brother has it right. He lives alone in far Northern Minnesota. No computer. No cell phone. His phone is a land line still in Dad's name (Dad died in 2004). No credit cards. His only two concessions to modernity (semi-modernity) are a checking account and satellite TV.

As he is fond of saying "just because you're paranoid does NOT mean that they're not out to get you".

For anyone with the password manager LastPass, they have been breached several times. Find another password manager. So far 1Password has never been breached.

Like many others I saw this on the news and changed password long before being notified by Xfinity. What I found funny (not) was their advise to purchase the likes of Experion etc. First time I have been part of a compromise where the company didn’t offer free monitoring for 12 months. Their mistake, they should cover. Heck, they will bake the cost into their next renewal anyway.

On this data breach they got everything about you including your SS number. Comcast should be held liable for any costs incurred by people who have damages from identity theft!!!

Terrible. So not only paying a premium for their services but they are raising their prices even with a deal due to higher fees from their content providers but now have to worry about a data breach.

Glad I switched to Quantum Fiber a while back.

Good News! As more services move to passkeys the breaches will have less impact, because the credentials are stored on your device not the server.

Unfortunately services like xfinity will probably be slow to adopt it. https://youtu.be/j1zUY7lOKq8

In the meantime a secure password manager like Bitwarden.com can ease your password frustrations.

The letter said the last four of the SS number. Do you have any information that it was more than that?

My name, number, last four of SSN, and DoB are stored on many places, possibly including the open internet. I don't like seeing them all in one place and I don't like that systems that have them are breached but I don't get terribly excited about that either.

With the information that was taken they *might* be able to get into my Xfinity account. If I reused a password on another site then they *might* be able to get into that site if they tried. And, if I used a particularly weak password then they *might* be able to determine what it was. The things that they *might* be able to do are still a long way from actually stealing anything from me.

I've had checking accounts opened in my name even without data breaches. It will be very difficult for anyone to prove that a case of identity theft is attributable to this particular data breach. A credit freeze is a wise choice even without a breach. A monitoring service or getting the six free credit reports (two for each of the three credit bureaus) is good for peace of mind.

They add up any cost they can think of plus a few just in case and add it to their yearly renewal. We get to pay for their incompetence

Even Equifax can't keep your data safe.
"40 percent of the population of the United States — whose names, addresses, dates of birth, Social Security numbers, and drivers’ licenses numbers were exposed."
Equifax data breach FAQ: What happened, who was affected, what was the impact? | CSO Online
Equifax Data Breach Settlement | Federal Trade Commission

...

...

The only affiliation we have with Xfinity is that when we changed cable providers, we were able to keep the email addresses that we have had for many years. (they end in @comcast.net) I was able to change the password to the primary account but haven't been able to change the password on the two secondary accounts, so we are locked out. Any suggestions?

Agree!!

Yes. Bite the bullet and establish a new e-mail address(es), independent of your current or previous ISP, that you can keep for the rest of your life. I know it can be painful but you should just do it. There are plenty of no cost options (gmail, yahoo, etc) as well as creating (and paying for) your own domain so your e-mail will look something like "firstname@lastname.com".

i left xfinity for other reasons, but when i did, i realized exactly what i was spending every month for their overpriced service. i went with spectrum on all devices & use Roku. best move i ever made, &,...i read it here first! :coolsmiley:

i would imagine so,..maybe even socials, who knows. just watch all bank statements & ignore spam/phishing emails by going directly to said site

So is freezing your credit with all 3 credit company's.
Not 100% perfect but why take a chance.

Thanks for this suggestion. We already have 2 Gmail accounts. I am really most interested in retrieving the secondary Xfinity account that is used by my husband for communication with the VA and other medical facilities.

One thing you might try (if you haven't already) is go to connect.xfinity.com and see what you can do from the settings there. I only have a single account but it appears that this page might allow you to access multiple accounts which hopefully would include your secondary accounts.

I don't know if this works for xfinity but it is similar to how I am able to manage secondary accounts on another service I have.

scam email asking for payment recd today
 

Back on December 16th xfinity forced me to change my password, later I found out that there was some sort of security breach. Today a few weeks later January the 9th I received a phishing email that said my method of payment needed to be changed or my service would be cut off in 24 hours. I hovered over the email to find out the URL of the sender and it was not xfinity. I did open the email and it looked very official but I did not click on any links. Coincidentally I had l three 15 minute Internet outages yesterday, I was almost convinced that I would be cut off if I didn't change my payments method. But I held out and did not click on it.
Anybody else getting phishing emails?

I haven't received any from Xfinity but I have seen some from various banks and other online services (most of which I don't have accounts with).

Sign in to the primary account.

Go to "Account and identity". When you scroll down, you should see all of the secondary accounts. Click on the first one, scroll down to "Xfinity ID", and you should see an option to "Change Password".

Change password.

Rinse and repeat for each secondary account.

Also suggest activating 2 step authentication.

Your suggestion is appreciated but I already tried that. At the bottom of that page "This account no longer active. Users cannot be added." I cannot 'open' the secondary accounts to change passwords.