Comcast held a virtual door open for thieves to steal data

Like I always say, update yo stuff!

MajorLinux - Editor-in-chief

It’s at least two times a week at this point that we hear or read about a big data breach. I mean, last week there was Insomniac and we all saw how that went down. It’s at a point where either we are in the dark ages of cybercrime or companies are hiring less-than-stellar candidates for information security roles. Comcast makes me question which one it is.

This week, it was announced that Comcast was the target of a hack that exposed the personal data of 35.9 million Xfinity customers. To put that into context, that is 10% of the US population.

While that is big news in and of itself, a bigger issue is that Comcast knew about a hole in their security and had yet to patch it. The company fell victim to Citrix Bleed “between October 16 and October 19”. If that sounds familiar, it was a critical bug in Citrix network hardware that was discovered and fixed some time ago. Comcast waited until October 23 to patch it.

A notice was sent to the Maine attorney general’s office about the hack. The following was included in the hack:

  • usernames
  • real names
  • addresses
  • dates of birth
  • security Q & As
  • last four digits of SSNs
  • hashed passwords
  • possibly more, according to Ars Technica

I don’t care what you have going on at your company. If there is a giant gaping hole in your security, that’s a case where you drop everything and patch it. That goes double for companies that hold sensitive information.

I knew Comcast was the worst, but this is nonsense.

Marcus Summers is a Linux system administrator by trade. He has been working with Linux for nearly 15 years and has become a fan of open source ideals. He self identifies as a socialist and believes that the world's information should be free for all.