A breach of Comcast’s Xfinity systems has impacted nearly 36m customers, while a ransomware group has reportedly leaked millions of internal Sony files online.
Hackers have been moving ahead at full speed recently, as both Sony and Comcast have been hit with data breaches.
Comcast recently informed customers that its Xfinity telecoms business had a “data security incident” due to a vulnerability in Citrix software, which was revealed on 10 October by Citrix. The cloud company issued additional guidance on the vulnerability on 23 October.
Xfinity said it “promptly patched and mitigated this vulnerability” but noticed suspicious activity during a routine exercise on 25 October. The company determined that there was unauthorised access to its internal systems between 16 October and 19 October, as a result of the Citrix vulnerability.
Comcast did not share how many customers were impacted in this notice, but a filing with a US attorney general suggests nearly 36m customers have been affected by the breach. The breached customer information includes usernames and hashed passwords.
For some customers, other information may also have been included in the breach such as names, contact information, the last four digits of social security numbers, dates of birth, and secret questions and answers for accounts.
Xfinity customers are being required to change their passwords as a result of the breach. Darren James, a senior product manager at Specops Software, said the report is “particularly alarming” due to the exposure of passwords and security questions and answers.
“We have seen that many people reuse the same password and security questions across many platforms, so if this data has been exposed then it’s not just the Xfinity account, it’s potentially many other services as well,” James said.
“Even though the passwords may have been hashed, depending on the hashing algorithm used and the length of the password it is still relatively easy to brute force these hashes back to clear text very quickly using relatively inexpensive hardware.”
Sony leak
Meanwhile, Bloomberg reports that more than 1.3m files from Sony’s Insomniac Games division have been leaked onto the internet.
A ransomware group called Rhysida have reportedly claimed responsibility for the breach. The files seem to contain various insider information such as game roadmaps and budgets. Bloomberg reports that the files suggest Sony will release various Marvel-themed games in the next few years, such as Spider-Man and Wolverine titles.
Erfan Shadabi, a cybersecurity expert at data security company Comforte AG, said the leak could have consequences for Sony’s “operational integrity and industry standing”.
“The leaked data, valuable to competitors, could be exploited for strategic advantage or used for malicious purposes such as the development of malware,” Shadabi said.
Meanwhile, KnowBe4’s lead security awareness advocate Javvad Malik said the breach shows that “no industry is immune”.
“Companies must learn and adapt quickly, implementing layered defences and educating staff to recognise and respond to evolving threats,” Malik said. “Knowledge sharing and government-industry collaboration are critical in responding to these threats.”
Last year, Rockstar Games suffered a breach that leaked videos from early development versions of its next game, Grand Theft Auto 6. The company said this breach was the result of a “network intrusion”.
10 things you need to know direct to your inbox every weekday. Sign up for the Daily Brief, Silicon Republic’s digest of essential sci-tech news.
Updated 21 December 2023, 7.40am: An earlier version of this article stated that Xfinity patched the vulnerability on 23 October, but Xfinity said this is not accurate.