Home > Tech

Xfinity data breach affects more than 35 million — what we know

Xfinity says there has been "unauthorized access" to its systems due to a vulnerability from a third-party provider.
 By 
Matt Binder
 on 
Share on Facebook Share on Twitter Share on Flipboard
Xfinity logo
Xfinity is notifying customers of a major data breach. Credit: Omar Marques/SOPA Images/LightRocket via Getty Images

Xfinity customers, be aware. You may have been affected by a major data breach.

Comcast, operating under the brand name Xfinity — and offering a range of services including internet, TV, and phone — has commenced the process of informing customers about a significant data breach impacting tens of millions.

According to a breach notice posted by the government of Maine (first reported by Bleeping Computer), 35,879,455 people have been affected.

You May Also Like

What was stolen?

In early October, cloud computing company Citrix announced that it discovered a vulnerability affecting products used globally by companies like Xfinity. By late October, the vulnerability, known as Citrix Bleed, was actively being exploited, according to the cybersecurity firm Mandiant. Around that time, Citrix also released a critical update, patching the security flaw.

Once the update was available, Xfinity said it patched the security flaw. Soon after, however, Xfinity uncovered "unauthorized access" to its internal systems related to the vulnerability and notified federal authorities. Xfinity concluded that data had likely been compromised by mid-November.

According to Xfinity, it determined earlier this month that customer information that was accessed during the breach included usernames and hashed passwords. However, Xfinity added that some customers may have also had their names, contact information, last four digits of their social security numbers, dates of birth, and secret questions and answers stolen, too. The company said it's still investigating the data breach.

“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” said an Xfinity spokesperson in a statement provided to media outlets.

All Xfinity customers have had their account passwords reset, so don't be alarmed when you log into your account for the first time since the data breach was disclosed. Xfinity recommends that customers use two-factor authentication for additional security.

Topics Cybersecurity

Mashable Potato
Recommended For You
Panera Bread breach: ShinyHunters claims hack of 14 million customers' data
By Matt Binder
Panera Bread logo on storefront
Conduent data breach already one of largest in U.S. history and keeps getting worse
By Tim Marcin
conduent logo on a phone
Instagram denies data breach: So what's up with those sketchy change password emails?
By Tim Marcin
instagram logo against a black background
Hackers says they breached Crunchyroll, stole nearly 7 million users' data
By Matt Binder
Crunchyroll logo
'The Daily Show' reacts to Trump's name appearing 'more than a million times' in the Epstein files
By Shannon Connellan
Jordan Klepper hosts "The Daily Show" beside an image of Donald and Melania Trump, Jeffrey Epstein, and Ghislaine Maxwell.
Trending on Mashable
NYT Connections hints today: Clues, answers for April 3, 2026
By Mashable Team
Connections game on a smartphone
Wordle today: Answer, hints for April 3, 2026
By Mashable Team
Wordle game on a smartphone
AirDrop on Pixel: Every Google smartphone that supports the Apple feature
By Alex Perry
Google Pixel 10 against blue background
What's new to streaming this week? (April 3, 2026)
By Belen Edwards and Kristy Puchko
A composite of images from film and TV streaming this week.
NYT Connections hints today: Clues, answers for April 2, 2026
By Mashable Team
Connections game on a smartphone
The biggest stories of the day delivered to your inbox.
These newsletters may contain advertising, deals, or affiliate links. By clicking Subscribe, you confirm you are 16+ and agree to our Terms of Use and Privacy Policy.
Thanks for signing up. See you at your inbox!