Comcast breached

[erek]

Cumcast got breached due to CitrixBleed

“The company says for an unspecified number of customers, hackers may have also accessed names, contact information, dates of birth, the last four digits of Social Security numbers and their secret questions and answers.

Comcast notes that “our data analysis is continuing, and we will provide additional notices as appropriate,” suggesting additional types of data may also have been accessed.


The notice doesn’t say how many Xfinity customers have been impacted, and Comcast spokesperson Joel Shadle declined to say when asked by TechCrunch. In a filing with Maine’s attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach. Comcast’s latest earnings report shows the company has more than 32 million broadband customers, suggesting this breach has impacted most, if not all Xfinity customers.

It’s not yet known whether Xfinity received a ransom demand, how the incident has impacted the company’s operators or whether the incident has been filed with the U.S. Securities and Exchange Commission, as required by the regulator’s new data breach reporting rules. Comcast’s spokesperson would not say.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” said Shadle in an email to TechCrunch.

Xfinity says it is requiring that customers reset their passwords and recommends the use of two-factor or multi-factor authentication — which the company doesn’t require by default — for all customer accounts.

Updated with additional comment from Comcast.”
https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/

 

[Axman]

This is why it's messed up that they even ask for your SSN, even if it's partial.

 

[Geforcepat]

Well, Isn't that just comcastic.

 

[GoldenTiger]

This is why it's messed up that they even ask for your SSN, even if it's partial.

I was able to skip that for a $100 deposit that they refunded after a year of service... but yeah, ssn are not meant to be an ID number. Never were.

 

[Sycraft]

I was able to skip that for a $100 deposit that they refunded after a year of service... but yeah, ssn are not meant to be an ID number. Never were.

No they ARE meant to be ID numbers, the problem is they are used as authentication. IDs should be able to be freely given. Your SSN should be something like your name that people can know if they have a reason to identify you. They should NOT be used to authenticate you are who you say you are. That's the problem.

 

[Axman]

No they ARE meant to be ID numbers, the problem is they are used as authentication. IDs should be able to be freely given.

Why do they print "Not for identification" on the card, then?

 

[Sycraft]

Why do they print "Not for identification" on the card, then?

Because we use the terms wrong and interchangeably and you can't use it to prove who you are. So identification, in an information assurance sense, means the ID of a person or an account or something. This is something that should be unique, and can be known by others. The reason for something like an SSN is because names aren't unique. So when you enter your login for e-mail, that's identification. The next step is authentication, which is proving that the person is who they say they are. That's actually what we use our ID cards for IRL. The government has (or should have) determined you are who you say you are and given you a token attesting to that fact. You can then use the card to authenticate who you are. When you enter your password for your e-mail, that's authentication.

The problem we run in to is that while ID cards work pretty good in person because you can look at the person and see if they match the picture, they don't work online. So we need other ways to authenticate who someone is. Sadly, SSN has become used for this purpose. It shouldn't be, it shouldn't be treated as secret knowledge like a password. We should have something else you use to authenticate who you are.

 

[Sir Beregond]

Great, just signed up with XFinity 11 months ago due to the fact its the only provider around here that could provide me near gigabit for not much more than the other guy in town was offering 40mbps for.

Good thing my credit is frozen I guess.

 

[Zarathustra[H]]

This is why it's messed up that they even ask for your SSN, even if it's partial.

I never understood this. They make it sound like they are going to run a credit check on you. Credit for what? It's not like you are borrowing a large sum of money you need to pay off. It's a bill somewhere between $50 and $300 a month. If someone doesn't pay their bill, shut off their service and write off your losses.

Using credit checks for things that are not loans should be illegal.

 

[toast0]

I never understood this. They make it sound like they are going to run a credit check on you. Credit for what? It's not like you are borrowing a large sum of money you need to pay off. It's a bill somewhere between $50 and $300 a month. If someone doesn't pay their bill, shut off their service and write off your losses.

Using credit checks for things that are not loans should be illegal.

It's a piddly loan, but cable service is post paid: you get your month of service and then you pay for it. And they're letting you borrow the box, so there's that too. All up, maybe $500 of risk?

If I were a cable company, I'd make it prepaid, figure a way to charge $100 for boxes and not ask for sensitive info.

 

[Brahmzy]

Too big to fail, er wait. Dammit.

 

[mwroobel]

And this is the perfect thread for this... Which is how Comcast sees their multitudes of customers!

View: https://www.youtube.com/watch?v=KMcny_pixDw

 

[Tsumi]

Got no choice here. It's either Comcast, cellular, or satellite. Waiting for ATT to roll out fiber to our neighborhood but they're taking their sweet time about it.

Sanctioned monopolies are the worst.

 

[samduhman]

Got no choice here. It's either Comcast, cellular, or satellite. Waiting for ATT to roll out fiber to our neighborhood but they're taking their sweet time about it.

Sanctioned monopolies are the worst.

Same here Tsumi. Considering I'm in a neighborhood with more than enough residents to support multiple carriers, fiber companies refuse or have a deal with crapcast to never roll out fiber service. It's so #$@% frustrating.

 

[Sir Beregond]

Got no choice here. It's either Comcast, cellular, or satellite. Waiting for ATT to roll out fiber to our neighborhood but they're taking their sweet time about it.

Sanctioned monopolies are the worst.

No fiber in my neighborhood and presumably won't be for many years last time I talked to them.

So it was either Comcast or DSL or satellite.

 

[sharknice]

Same here Tsumi. Considering I'm in a neighborhood with more than enough residents to support multiple carriers, fiber companies refuse or have a deal with crapcast to never roll out fiber service. It's so #$@% frustrating.

It's weird how that works out sometimes. My rural hometown with a population under 2k have several DSL providers, a cable provider, multiple wireless providers, and I think 2 fiber carriers now. I don't know if the local government denied the ISPs monopoly agreements, or it is just such a small town ISPs didn't bother attempting them. My parents have had Fiber for about 20 years now from a small local ISP.

 

[chameleoneel]

Most of north/northeast/east Portland, is Xfinity or bust. As much as Ziply advertises around here----they only cover the West side. There is one other fiber provider which is owned by Centurylink (can't think of the exact name). And its more/less the same situation, with them.

I used to live 2 blocks north of Seattle Center (where the Space Needle is)------which is about 2 miles from Centurylink HQ. And they could only give me basic speed DSL.

I also used to live in San Francisco----and Comcast had agreements for most neighborhoods, where they were the only provider allowed to be persistently available. You could get others, but you would have to pay a fairly large fee, for them to connect with you.

I have actually never lived anywhere which had many/great options for internet. Its been a real drag.

Here in Portland, its common to have multiple roomates. And in that situation, its a good idea to just get a business line with Comcast and split the otherwise high cost. That gets you better speeds down and up. And somewhat increases the data cap.

 

[Domingo]

My neighborhood is finally getting fiber installed right this minute, so I look forward to leaving Comcast forever. Doesn't really help with this situation, but at least I'll finally have a legit alternative to Comcast's BS.

 

[ng4ever]

My neighborhood is finally getting fiber installed right this minute, so I look forward to leaving Comcast forever. Doesn't really help with this situation, but at least I'll finally have a legit alternative to Comcast's BS.

Enjoy.

 

[SomeoneElse]

Got fiber in our area 4 years ago and never looked back at comcast. We stream everything now, plus no Bandwidth caps so Comcast can go F themselves

 

[sfsuphysics]

Why do they print "Not for identification" on the card, then?

Because the card itself is not a form of identification, while the number is used as an identification value for you the possession of the card itself does not in any way verify your identity.

 

[sfsuphysics]

Got fiber in our area 4 years ago and never looked back at comcast. We stream everything now, plus no Bandwidth caps so Comcast can go F themselves

I'm still waiting for Sonic.net to come through and run fiber in my area. Unfortunately they have a nasty way of telling you "fiber is available" then after you fill out all the information they say "we're in pre-construction phase" which now over a year ago is basic double talk of "we'll get there when enough people in your neighborhood sign up to make it worth us going in there. Which on one hand I do benefit with Comcast internet by getting cell service where 2 lines cost me $12/month (+taxes/fees) for 1Gig of data which I have not see anything come close to in price, but on the other hand 10gig* fiber for $30/month kind of makes up for the cell service price. *only 10gig if I have said equipment to go that fast

 

[w1retap]

Yep.. I ditched Commiecast early this year since AT&T Fiber finally got installed through my backyard. I was waiting for almost 10 years for them to run it since the initial "Fiber is coming" door flyer from AT&T. I don't really like AT&T either, but they're 100x better than Comcast so far. At least my internet doesn't drop out every 10-12 days now. It is $20/mo cheaper, and a lot faster. 1Gbps/1Gbps symmetrical for $79.99/mo (no data cap). With Comcast I was paying $109.99/mo for 600Mbps/20Mbps (1TB/mo cap).

Just the customer service alone is far better with AT&T. I can actually talk to a US-based individual (for now at least), whereas Comcast routed you to India every time and they could never understand what your issue was, and just tell you to reboot your modem.

 

[Tsumi]

I'm still waiting for Sonic.net to come through and run fiber in my area. Unfortunately they have a nasty way of telling you "fiber is available" then after you fill out all the information they say "we're in pre-construction phase" which now over a year ago is basic double talk of "we'll get there when enough people in your neighborhood sign up to make it worth us going in there. Which on one hand I do benefit with Comcast internet by getting cell service where 2 lines cost me $12/month (+taxes/fees) for 1Gig of data which I have not see anything come close to in price, but on the other hand 10gig* fiber for $30/month kind of makes up for the cell service price. *only 10gig if I have said equipment to go that fast

Sonic was advertising around our area too and I really wanted them to come to our neighborhood. Unfortunately it's now ATT that's pulling fiber through.

 

[chameleoneel]

At least my internet doesn't drop out every 10-12 days now.

LOL. My Girlfriend just got Comcast setup 2 weeks ago, after she moved into an aforementioned Portland neighborhood. About 1 week into it, she had an outage for 2 hours. And they didn't send her a notice about it, until it was fixed.

 

[SamuelL421]

I hate this company so much. Comcast is the only provider of internet here with speeds over 200mbps, so they are the only option.

...These hackers may have my real last 4 and phone number, but they don't have my real name. Comcast sucks so hard that they entered my name incorrectly when I signed up for something in person (long ago) and - despite my best efforts - they were never able to correct it after the fact (ineptitude? laziness?). Comcast is so shit, they can't even lose their customer's information well

 

[pendragon1]

wheres philb2 this is a perfect thread for him...

 

[ng4ever]

My neighborhood is finally getting fiber installed right this minute, so I look forward to leaving Comcast forever. Doesn't really help with this situation, but at least I'll finally have a legit alternative to Comcast's BS.

Which ISP is it? AT&T ?

 

[schmide]

As bad as this is, they must not have gotten away with much due to their upload speeds.

 

[sfsuphysics]

Sonic was advertising around our area too and I really wanted them to come to our neighborhood. Unfortunately it's now ATT that's pulling fiber through.

Yeah I can get AT&T fiber if I want, it just turns my stomach that they're still doing the tiered service plans with it. Sonic is like the only company that admits that data and bandwidth is dirt cheap in the grand scope of things, and is just like "here's your fiber cable, do what you want" which is why they offer "10Gbps" fiber.

 

[Tsumi]

Yeah I can get AT&T fiber if I want, it just turns my stomach that they're still doing the tiered service plans with it. Sonic is like the only company that admits that data and bandwidth is dirt cheap in the grand scope of things, and is just like "here's your fiber cable, do what you want" which is why they offer "10Gbps" fiber.

Yeah, at that point it is just pick the lesser of two evils. I don't even have that choice at the moment.

 

[Sir Beregond]

My neighborhood is finally getting fiber installed right this minute, so I look forward to leaving Comcast forever. Doesn't really help with this situation, but at least I'll finally have a legit alternative to Comcast's BS.

Enjoy it! I long for that day. Right now my options are Comcast to get any good speeds. Century Link DSL up to 40mbps but really at best maybe 30mbps from what I hear around the block.

And that's it. Anything else at that point is satellite or mobile 5G from places like Verizon.

 

[Domingo]

Enjoy it! I long for that day. Right now my options are Comcast to get any good speeds. Century Link DSL up to 40mbps but really at best maybe 30mbps from what I hear around the block.

And that's it. Anything else at that point is satellite or mobile 5G from places like Verizon.

That's been the case in Denver forever, but Quantum Fiber is popping up all over the place. Google fiber is apparently inbound in some areas, too. I've honestly had okay luck with Comcast's internet (and previously cable), but the prices skyrocket at random without warning and I still despise that 40MB upload cap that costs a small fortune to bypass.

 

[Brahmzy]

Comcast just upped their upload speeds from 40Mbps to 200Mbps, for free. Problem is, it requires everybody who owns their own high-dollar multi-gig modems they just bought to go buy new high-dollar multi-gig modems, just for this upload increase. The newest DOCSIS spec apparently allows for up to 400Mbps upload speeds vs the old 40Mbps. I’m getting tired of the “buy a new $250 modem once a year” thing.

Been getting some ads for Quantum Fiber as well - anybody have QF?

 

[Sir Beregond]

That's been the case in Denver forever, but Quantum Fiber is popping up all over the place. Google fiber is apparently inbound in some areas, too. I've honestly had okay luck with Comcast's internet (and previously cable), but the prices skyrocket at random without warning and I still despise that 40MB upload cap that costs a small fortune to bypass.

LOL, yep I am also in Denver.

 

[1_rick]

Comcast just upped their upload speeds from 40Mbps to 200Mbps, for free. Problem is, it requires everybody who owns their own high-dollar multi-gig modems they just bought to go buy new high-dollar multi-gig modems, just for this upload increase. The newest DOCSIS spec apparently allows for up to 400Mbps upload speeds vs the old 40Mbps. I’m getting tired of the “buy a new $250 modem once a year” thing.

Been getting some ads for Quantum Fiber as well - anybody have QF?

You can use a DOCSIS 3.0 modem to get 200Mbps--I'm doing it right now. It'll go up to about 240-250Mbps actually. I'm using a cheapo Netgear CM400 that's probably 5 years old and is on Comcast's compatibility list (or it was 3 years ago when I moved here, but it probably still is.)

if you want 300, 400Mbps or higher you'll need the more expensive DOCSIS 3.1 modems, yeah.

 

[sfsuphysics]

Yeah, at that point it is just pick the lesser of two evils. I don't even have that choice at the moment.

This is true but more importantly the two evils create competition which brings choices and better prices. I remember when AT&T in my neighborhood maxed out at 6Mbps ADSL (and the MFers were STILL tiering that shit at 1.5,3 and 6) and Comcast was like "hey we got 100 Mbps connections for only $99!" (they did tiers too but it seems less petty when you have huge speed differences). Then when AT&T did that Uverse crap which I think was fiber to the box the ADSL locally and could push 20+ Mbps, then Comcast was "we got 250Mbps for only $70", then when AT&T laid fiber, Comcast once again "Hey you want 2Gbps? We got that!" but I settled for 500Mbps for $50/month (which ended up being closer to 600Mbps). Now I'm sure technology increased on the modem side of things, but having competition definitely increases your choices which is exactly why Comcast wants to know your exact address before telling you what services are available and what they cost.

 

[Randall Stephens]

You can use a DOCSIS 3.0 modem to get 200Mbps--I'm doing it right now. It'll go up to about 240-250Mbps actually. I'm using a cheapo Netgear CM400 that's probably 5 years old and is on Comcast's compatibility list (or it was 3 years ago when I moved here, but it probably still is.)

if you want 300, 400Mbps or higher you'll need the more expensive DOCSIS 3.1 modems, yeah.

Weird where I’m at they utilize the new tech to get the upload speeds, the ofdm or whatever it is. I need to call and ask before I upgrade to see if that’s really true.

 

[Dopamin3]

You can use a DOCSIS 3.0 modem to get 200Mbps--I'm doing it right now. It'll go up to about 240-250Mbps actually. I'm using a cheapo Netgear CM400 that's probably 5 years old and is on Comcast's compatibility list (or it was 3 years ago when I moved here, but it probably still is.)

if you want 300, 400Mbps or higher you'll need the more expensive DOCSIS 3.1 modems, yeah.

Weird where I’m at they utilize the new tech to get the upload speeds, the ofdm or whatever it is. I need to call and ask before I upgrade to see if that’s really true.

Same for me (Western PA). I got an email that upload speeds are going up 5 - 10x. I did not see an upload speed increase on my Motorola MB6811 even after having Comcast send a force provision to the modem so I went ahead and ordered a Hitron Coda 56. Here is a full PDF list: https://assets.xfinity.com/assets/dotcom/projects/cix-4997_compatible-devices/2023.11.22 Full List of Compatible Devices.pdf I wanted to get a Netgear CM3000 but it's not out yet. I have yet to receive the Hitron so hopefully I see the upload increase just by activating it. Never heard of Hitron and it's using an Intel PUMA 7 chip, the PUMA 6 was a disaster but I haven't read anything negative on the PUMA 7 as of yet. Ultimately I'll probably get the CM3000 on release and keep the Hitron as a backup.

I hate Comcast so much. My MB6811 isn't even that old but it doesn't have certification on mid split they are doing to enable the higher upload speed in some markets. This breach was easily preventable if they just updated their software but they were too busy gouging customers to worry about their internal systems. One day I hope Comcast dissolves and the United States sees regional ISPs who have accountability, competitive pricing and can build up a reputation. I'm pretty rural and would drool over any fiber provider coming out so Comcast is likely what I'll be stuck with.

 

[1_rick]

Weird where I’m at they utilize the new tech to get the upload speeds, the ofdm or whatever it is. I need to call and ask before I upgrade to see if that’s really true.

I do know the modem is certified (edit: I guess it's out of support so it's not on the list Dopamin3 linked to, but it still works) to work with Comcast/Xfinity and the other big guys like Charter. The documentation says it's x8/x4 channels up/down and "up to 340Mbps" download speeds, which might imply upload speeds of half that (but I don't know for sure, as my plan is wildly assymetric--I can get up to around 260Mbps according to speedtest.net, but my upload speed is like 6Mbps, which is lame. IIRC when I was in Dallas with Charter, I had 200/20. Some of it depends on how the cable co provisions the modem.