A few days ago, Comcast hit the news headlines for increasing its service price so much that many of its customers weren’t ready for the surprise at all. Now, reports are in that the database of the Pennsylvania based digital services provider was hit by a cyber attack leading to a data breach, thus leaking details to hackers.
The attack reportedly took place on December 9th,2022(likely) when most of the IT staff were on a long Christmas leave or were about to take it to enjoy the festive season.
Going by the details, Xfinity email users started receiving email alerts that their account info was changed. And when they tried to access the account, their attempts failed as their passwords were changed. And after reporting the incident to the staff, the users discovered that a secondary email address was linked to their accounts without their knowledge.
Security analysts of the internet services provider stated that the attack could have taken place via credential stuffing and, as of now, Xfinity, the business subsidiary of Comcast has confirmed that the credentials were compromised.
Comcast is yet to officiate the attack, as it is waiting for the preliminary investigation to conclude.
NOTE- In the year 2018, an individual named Elizabeth launched a putative class action suit against the company for allowing cyber criminals to book new mobile phones on the name of customers without consent. Later it was revealed in the probe that the hackers got access to data of consumers using internet and TV cable accounts and used that stolen info to book smartphones on the website. However, the lawsuit went through arbitration and so wasn’t publicized much, as there was no clarity on who booked the smart phones and to which address they were mailed.