Comcast has disclosed that its servers were breached in October, exposing the personal information of millions of Xfinity customers.
The company said the hackers got access to usernames, hashed passwords, contact details, and secret security questions and answers for nearly 36 million subscribers.
According to the company, hackers exploited Citrix Bleed sometime in October. Citrix Bleed is a critical security vulnerability found in Citrix networking devices, specifically NetScaler ADC and NetScaler Gateway appliances, which are used by companies to manage network traffic.
Comcast said it patched the flaw quickly but perhaps not quickly enough. By the end of October, it noted “suspicious activity.”
Not only could Xfinity subscribers be vulnerable to fraud with their personal information in the wrong hands, but a dangerous scam targeting Xfinity customers might get even more dangerous.
The Xfinity scam gets more dangerous
As ConsumerAffairs reported in April, scammers are specifically targeting Xfinity customers with non-existent discount offers. The scam goes like this:
A telemarketer calls an Xfinity subscriber and offers a sweet deal: if they commit to two additional years of service, their rate will be cut in half.
But the subscriber has to pay for the first year in advance and, of course, must pay using Target gift cards. The fact that the scammers appear to specifically target current Xfinity customers suggests they have access to the company’s subscriber list.
The obvious tipoff that the deal is a scam lies in the fact that payment is requested using Target gift cards. However, the scammers rationalize that request by saying the deal is part of a joint promotion with the retailer. Still, any request for payment with gift cards should be considered a scam.
Another tipoff that the “deal” isn’t real is the fact that victims are contacted by telephone. A large company like Comcast, the parent company of Xfinity, would use a much more economical way to market its promotion, such as email or direct mail.
In the wake of this data breach, Xfinity customers should be on the lookout for this scam.