Data Leak

What is Xfinity doing about the latest data leak? So far, I know my email address and name has been compromised from xfinity but have not received an email from xfinity regarding the incident. I am getting dozens of spam emails. I have an email account set up specifically for xfinity so there is no confusion. We deserve to know what other information has been compromised and what you are doing about it.

Responses

Accepted Solution

U

user_9e6fd9

Visitor

•

5 Messages

3 years ago

I'm with you @iklopez501, they as a public company must disclosed and be transparent with these incidents, I have received 3 direct phising emails (not your standard spam campaign email) during the last 2 days (that did not go to my spam folder, there are more there) sent to an email address that was exclusively and only created and only given to Xfinity when my account was opened. Your report here confirms this is part of something larger.

2

CCAshley1

Official Employee

•

746 Messages

Hi, thank you for reaching out to our Xfinity Forums. At this time no Data leak has occurred. We take our customer's information and security very seriously and will protect it at all costs. If you have any security concerns please contact the Comcast Security Assurance Team. You can reach them online here, 6:00am - 2:00am EST, 7 days a week, or by calling 1-888-565-4329.

I no longer work for Comcast.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer. tick

3 years ago

0

U

user_9e6fd9

Visitor

•

5 Messages

@XfinityAshley I contacted your security team, they cannot help because to report these phising emails you must have received an email at @comcast or @xfinity address. The only reason I reported this was for Comcast to be "aware" that at some point my specific email (which was uniquely created for comcast) was leaked to someone else, maybe not directly from your main database, maybe you created a promo campaign and whoever was used to "deliver" this campaign got ahold of my unique email address, I just don't know, unlike you that you claim "At this time no Data leak has ocurred", well that's just not true :) you just don't know yet you are attesting for something you don't really know or understand

3 years ago

0

CCChe

Official Employee

•

6.9K Messages

3 years ago

Hello @iklopez501! We appreciate you for posting to the Xfinity Community Forum to get assistance. We appreciate you for bringing this to our attention. Upon further research of the data leak you mentioned, I was not able to confirm that is true from our end. Based on what you've reported, I would highly recommend contacting the Comcast Security Assurance Team to see if there is something else going on that they can find. You can reach them online here, 6:00am - 2:00am EST, 7 days a week, or by calling 1-888-565-4329. I hope this helps!

0

I

iklopez501

Visitor

•

9 Messages

3 years ago

I called the Comcast Security Assurance Team and they assured me my account was safe because I have MFA when I log in. While that's great, I don't think my information was compromised there. They also had me send them copies of the emails. I appreciate their help but unless someone is really looking into this, I believe this will just snowball from here.

I suspected as the last user commented, this is something larger. It might not even be on Comcast's radar yet. All I know is that it is not a coincidence and I bet if more people checked, they would see that they are receiving targeted spam through the email account used for their Comcast account.

2

0

U

user_9e6fd9

Visitor

•

5 Messages

@iklopez501 yeah there is a chance they created a marketing campaign (which is fine I'm not criticizing that) and whoever instrument was used to deliver such campaign maybe leaked your email and mine, no actual account compromised but still data associated

I did not really care but now that I spoke with someone at the Security Desk I'm just not happy on how they handle these incidents, was expecting at least a path to get it investigated but they shut the door just on your face, giving you the runaround that they want you to secure your account and blah blah blah (told them I already did this morning) yet they say that's the only thing they can do "be sure your account is safe"

We are not going to get anywhere but thank you for posting your experience

3 years ago

0

XfinityRoberto

Official Employee

•

1.7K Messages

I am sorry you felt this way by our CSA team. You can always go online to https://comca.st/35XObpG or any other concerns you have.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer. tick

3 years ago

0

rightfooted

Expert

•

1.4K Messages

3 years ago

There was no data breach. According to Comcast, “The database in question contained only simulated data, with no real employee, customer or company data, outside of four publicly available Comcast email addresses. The database was used for software development purposes and was inadvertently exposed to the Internet. It was quickly closed when the researcher alerted us of the issue. We value the work of independent security researchers in helping us to make our products and services safer and thank the researcher for his responsible disclosure in this matter.”

See the article at https://www.securitymagazine.com/articles/94550-researchers-discover-exposed-comcast-database-containing-15-billion-records .

4

0

U

user_9e6fd9

Visitor

•

5 Messages

@rightfooted this was years ago and not exactly what we are discussing here, we are discussing very good recent (last 4 days or so) targeted emails to specific unique customer provided own addresses that only exists within Comcast's database and nowhere else, these phising emails bypassed most phising and junk filters and Comcast:

1. Hasn't even yet found out about it (unlikely with all their SIEM's and ML platforms)

2. Knows about it and it is investigating but not yet reported

3. Knows about it, investigated and did not say anything or the compromise was very small

I have to go with 2., I don't think them being a public corporation can just sweep it under the rug and I don't think they don't know about it either.

3 years ago

0

XfinityRoberto

Official Employee

•

1.7K Messages

@user_9e6fd9, I am sorry to hear that they were not able to assist you. If you get an email about the leaked data, I would definitely recommend contacting our CSA team.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer. tick

3 years ago

0

U

user_9e6fd9

Visitor

•

5 Messages

@XfinityRoberto thank you, I did contacted them, I'm sure someone is aware already ... no biggie, have a great weekend

3 years ago

0

XfinityRoberto

Official Employee

•

1.7K Messages

You're welcome. Our CSA Team is always making sure to protect our customers private information. Thank you for reaching out again about your concerns. Please take care and have a wonderful rest of your weekend.

I am an Official Xfinity Employee.
Official Employees are from multiple teams within Xfinity: CARE, Product, Leadership.
We ask that you post publicly so people with similar questions may benefit from the conversation.
Was your question answered? Please, mark a reply as the Accepted Answer. tick

3 years ago

0

Customer Service

iklopez501

Data Leak

user_9e6fd9

CCAshley1

user_9e6fd9

CCChe

iklopez501

user_9e6fd9

XfinityRoberto

rightfooted

user_9e6fd9

XfinityRoberto

user_9e6fd9

XfinityRoberto

New to the Community?