In a recent security breach, Comcast-owned Xfinity has disclosed that the personal data of nearly all its internet provider customers has been compromised. The breach, affecting 35.8 million people, revealed sensitive information such as account usernames, passwords, and answers to security questions. Comcast notified its customers of the attack through its website and via email.

The intrusion was traced back to a vulnerability in software provided by cloud computing company Citrix. Although Citrix had previously patched the vulnerability in October, unauthorized users managed to gain access to Xfinity's internal systems between October 16 and 19, resulting in the exposure of customer data. The compromised information included names, contact details, birthdates, partial Social Security numbers, and answers to security questions.

Citrix, a software provider used by numerous companies globally, had previously announced the vulnerability that has been referred to as "Citrix Bleed." Besides Xfinity, the vulnerability has been linked to cyberattacks targeting the Industrial and Commercial Bank of China's New York arm and a subsidiary of Boeing, among others.

Comcast has taken immediate action to address the situation, stating that all Xfinity customers, irrespective of whether their accounts were breached or not, must reset their usernames and passwords. Furthermore, the company is strongly advising subscribers to utilize two-factor authentication to enhance security.

Xfinity emphasized the importance of not reusing passwords across multiple accounts, but it also urges customers to change passwords for other accounts utilizing the same username and password or security question.

With over 32 million broadband customers, as reported in Comcast's most recent earnings report, it is likely that the breach affected all Xfinity customers. To address concerns and inquiries, Xfinity has established a toll-free helpline available at (888) 799-2560, operating 24 hours a day from Monday to Friday, between 9 a.m. and 9 p.m. Eastern time. Additional information regarding the incident is also accessible on Xfinity's website at www.xfinity.com/dataincident.

This security breach highlights the ongoing challenges faced by companies in safeguarding customer data in an increasingly interconnected world. It serves as a reminder for individuals to remain vigilant in protecting their personal information and to promptly take necessary action when a breach occurs.