Comcast Xfinity data breach 2023: Nearly 36 million affected

Dec 21, 2023

Comcast Xfinity announced this week that a staggering 35.8 million customers were affected by a security breach. The breach exposed consumer data, including usernames, passwords, and answers to security questions.

Understanding the Comcast Breach

In October 2023, hackers exploited a critical vulnerability in Citrix networking devices, dubbed “CitrixBleed,” to infiltrate Comcast Xfinity’s systems. Despite Citrix releasing patches for the vulnerability in early October, the update was not applied in time, leading to unauthorized access to sensitive customer data between October 16th and 19th.

The Extent of the Impact

The breach resulted in the theft of usernames and hashed passwords. For some customers, additional information was compromised, including names, contact details, partial Social Security numbers, dates of birth, and answers to security questions.

Xfinity stated there is no current evidence of the stolen data being publicly leaked or used for attacks. However, the company also noted that its data analysis is still ongoing.

Xfinity’s Breach Response and Recommendations

In response to the breach, Xfinity has mandated a reset of all customer passwords. The next time you log into your account, you will be prompted to reset your password. Xfinity also encourages everyone to proactively change their password as soon as possible.

Furthermore, the company strongly recommends activating two-factor or multi-factor authentication. These steps are crucial for enhancing account security and mitigating potential damage.

Key Takeaways for Comcast Consumers

While the reset of your Xfinity password is mandatory, it’s also important to change the password for any accounts that may have used the same or similar password or username as your Xfinity account.

Good Security Practices:

  1. Password Hygiene: Use strong, unique passwords for each account. Avoid reusing passwords across multiple platforms.
  2. Enable 2FA: Two-factor authentication provides an additional security layer, making unauthorized access more challenging.
  3. Stay Alert: Be vigilant against phishing scams. Hackers might use the breached data to craft convincing phishing emails.

Additionally, Comcast advised customers to review account statements and monitor credit reports for suspicious activity. You may receive a free yearly report by visiting

The Comcast Xfinity data breach is a stark reminder of the ongoing battle against cyber threats. As technology evolves, so do the tactics of cybercriminals. It’s critical for everyone to stay informed and be prepared against threats. Cybersecurity is everyone’s responsibility, both at individual and organizational levels.

For more information, customers can call Xfinity’s incident response provider at 888-799-2560 Monday through Friday. Or by visiting
