Search This Blog
Powered by Blogger.

Blog Archive

Labels

Load More
Trendy Right Now

Popular Posts

Showing posts with label comcast. Show all posts
Xfinity
comcast Data Breach Supply Chain Attack Telecommunication Xfinity

Comcast-Owned Telcom Business 'Xfinity' Suffers Data Breach


Comcast-owned Xfinity has suffered a major data breach, affecting more than 25 million of its customers. 

This intrusion not only demonstrates a risky and expanding practice among hackers, but it has also greatly increased the vulnerability of millions of US-based individuals. In certain cases, the situation is actually a lot worse than one may believe.

According to editor of Scamicide.com, Attorney Steven Weisman, this data breach is significantly dreadful for customers since threat actors were able to access the last four digits of social security numbers of the affected individuals. The first five numbers could easily be figured out by the hackers, as they are based on the owner’s residential address and the location where the card was issued.

“So if a criminal has the last four digits, the first three they can figure out easily, the second set they can get relatively easily, so it puts a lot of people in danger of identity theft,” explained Weisman.

Due to this particular issue of rather uncomplicated identification of social security numbers, the government had started randomizing the numbers in 2011.

Furthermore, these hackers are rather harmful. They introduced their malware in the software that Xfinity bought, rather than really hacking into Xfinity. According to Weisman, they are known as "supply chain" hacks, and their prevalence is significantly on the rise. 

“They put their malware into the legitimate software. A company like Comcast gets some accounting software that they have no reason to think is anyway tainted and bam – the malware is in there and the personal information is stolen,” said Weisman.

In the recent times, these types of data breach are becoming more common. Customers are being asked by Xfinity to check their credit, change their passwords, and sign up for a multi-step verification process after the company announced the incident on its website. Additionally, people ought to routinely check their credit scores and freeze their credit.

About Xfinity

Xfinity is a US-based telecommunications business segment, owned by Comcast Corporation, used in marketing consumer cable television, internet, telephone, and wireless services provided by the company. Xfinty, before being established in 2010 was operating under the common-label of Comcast, where the aforementioned services were marketed.  

Read more »
database
1.5 billion comcast Data Breach data security database

Comcast Data Breach Compromised with 1.5 Billion Data Records

 

American cable and Internet giant Comcast was struck by a data breach few days back. An unprotected developer database with 1.5 billion data records and other internal information was available via the Internet to third parties during this data breach. 

Comcast Corporation is the largest cable operator network and, after the AT&T it is the second largest internet service provider as well as the third largest telephonic company in the US after the AT&T and Verizon Communications. 

Recently the research team of WebsitePlanet in collaboration with the security researcher, Jeremiah Fowler, identified a non-password-protected database with a total size of 478 GB of 1.5 billion records. The database of Comcast featured dashboard permissions, logging, client IPs, @comcast e-mail addresses and hashed passwords in publicly accessible domain. By this breach, a description of the internal functionality, logging and general network structure is established with the IP addresses contained in the database. The server also revealed the Comcast Development Team's email addresses and hashed passwords. Further the database also provided the error reports, warning and the task or job scheduling information, cluster names, device names, and internal rules marked by the tag “Privileged=True.” Middleware also was detected in error logs and can often be used for ransomware or other bugs as a secondary way. 

However the measures to control the access to the data were taken around in an hour, as the malicious actors could have easily accessed and retrieved the confidential information until the data was secured. The researchers relying on Comcast's data immediately submitted a notice of disclosure and affirmed their observations to their Security Defect Reporting team. 

Fowler also said that, this was among the fastest response times I have ever had. Comcast acted fast and professionally to restrict the data set that was accessible to anyone with an internet connection. 

A representative for Comcast stated that, “The database in question contained only simulated data, with no real employee, customer or company data, outside of four publicly available Comcast email addresses. The database was used for software development purposes and was inadvertently exposed to the Internet. It was quickly closed when the researcher alerted us of the issue. We value the work of independent security researchers in helping us to make our products and services safer and thank the researcher for his responsible disclosure in this matter.” 

Naturally, it is unavoidable to deal with errors which reveal data as long as people are engaged in configurations. However, Comcast's size does cause these mistakes to be very disruptive and can affect many subscribers and business customers. That's the reason why these firms would follow those security lists, double-check additional teams, and do whatever they can to reduce chance of publicity. Though in this incident the action was taken in time.
Read more »
Subscribe to: Posts (Atom)