Comcast/Xfinity Data Breach

Unfortunately we have another recent data breach to report that potentially affects a large number of members in our SHASS Community and communities like Cambridge where certain broadband companies signed agreements where they are legally the only provider in town.

I. What Happened

On Monday December 18th, Comcast reported to the AG of Maine that a hack from a vulnerability in cloud software company Citrix lead to the exposure of personal and confidential data of 35.8 million Comcast/Xfinity customers.

II. What To Do

All Comcast Xfinity Customers should reset the Passwords of their accunts immediately whether or not they get a notice from Comcast XFinity to do so. In most cases, when you try to log into Comcast, it should ask you to reset your password immediately. If your old Comcast password was used for other accounts, the passwords of those accounts should be changed as well. If folks are comfortable doing so, they should also enable 2 factor authentication on their Comcast/Xfinity account.

As a friendly reminder, the best passwords are long (ideally longer than 12 characters) but easy to remember with at least one capital letter and at least one symbol and one number. 

For example: ExecuteOrder66!

Sites like also have secure password testers to tell you how secure your password is if you would like to try out your new password (or a version of it)

The longer a password is the more difficult it is to hack, but you want it easy to remember. We NEVER recommend doing things like changing i to 1, e to 3, s to 5 and o to Zero in so-called “leet speak” because these types of passwords can be very difficult to remember correctly.

Please let us know if anyone has any questions or concerns.