Hackers accessed the personal information of all Xfinity customers in a massive data breach that was announced earlier this week by the internet provider. Some of the exposed data includes usernames, passwords, portions of Social Security numbers, and answers to users’ security questions.
So, what should affected customers do?
Comcast said it’s not aware of attacks on customers using data stolen in the hack, but cybersecurity experts say criminals don’t always act on stolen information right away. They can sell it to others, or try to use that information to access more personal data, like banking information.
The first step customers should take is to change their security information immediately.
“Change the answers to those security questions everywhere you use them,” said Dr. Pablo Molina, chief information security officer at Drexel University. “Maybe use fake answers, like you were born in the land of Oz, or something else. And enable multi-factor authentication everywhere you can.”
Philip Inchinaga, chief information security officer at Saint Joseph’s University, said usernames and passwords should be unique to each site.
“Users, including myself, are inherently sometimes lazy and will reuse either the same logins, the same passwords on different sites,” he said. “Using a password manager for your phone and/or your computer, they allow you to set different passwords for every login you create for every site and they keep track of it, so you don’t have to remember different passwords for different sites.”
Dr. Si Chen, associate computer science professor at West Chester University, thinks Comcast should be more transparent with customers and publish exactly what happened.
“They don’t have to be a technical guru to understand the details, but as a company, you need to publish that information so the people will have a clear message of what’s actually going on,” he said.
Xfinity said hackers gained access to internal systems as a result of a software vulnerability between Oct. 16 and 19. It discovered “suspicious activity” on Oct. 25, and in the following months determined that personal information was “likely acquired.”
In a statement, Comcast said, “We required customers to reset their passwords and we strongly recommend that they enable two-factor authentication.”
Follow KNX News 97.1 FM
Twitter | Facebook | Instagram | TikTok