Data breaches are a plague on society that seem to be getting worse. The massive breach at Equifax we recently told you about exposed sensitive information of over 145 million Americans. Yikes!
That is just one horrifying example. There have been plenty of others over the past few years. From retail stores to popular chain restaurants to even medical records from hospitals. No one is safe.
Well, here we go again. Another huge breach has just been found. This one is from one of the most popular cable TV and internet providers in the U.S.
Millions of customer data exposed
We’re talking about telecom company, Comcast Xfinity. Security researcher Ryan Stevenson just found a couple of major flaws in the company’s system that would allow cybercriminals to steal data from over 26 million customers.
The first vulnerability is kinda crazy. The company has an online customer portal that makes it easy for them to pay their bill without having to sign in to their account.
All the customer needed to do was go to an in-home authentication page and verify their account by selecting their home address from a list of four potential addresses. If a hacker was able to get a hold of a customer’s IP address, they could spoof Comcast using an X-forwarded-for technique.
Then, they could go through the process of selecting the home address. You can hit refresh multiple times, with new address options showing up each time. Except of course the real address will be there every time, tipping off the crook to the real one.
Image: Xfinity in-home authenticator. (Source: BuzzFeed)
That would unlock the door to a bunch of personal information that could lead to identity theft. Not good!
Another flaw was discovered on a sign-up page for authorized Comcast retailers. This one, when combined with the previously mentioned flaw, would give the hacker access to customers’ last four digits of their Social Security number. Knowing someone’s last four Social Security numbers could let a criminal trick customer service reps into handing over online account access.
The good news is once Comcast learned of the flaws, they were patched immediately. Unfortunately, they don’t know if any criminals had already exploited them.
Is there anything we can do now?
Whenever a major data breach occurs, there are security steps that we should all take. Here are some suggestions.
Keep an eye on your bank accounts
You should already be frequently checking your bank statements, looking for suspicious activity. It’s even more critical when there is a massive data breach. Thieves could have stolen enough information to break into financial accounts.
If you see anything that seems strange, report it immediately to your bank. It’s the best way to keep your financial accounts safe.
Set up two-factor authentication
Two-factor authentication (2FA), also known as two-step verification, means that to log into your account, you need two ways to prove you are who you say you are. This is an extra layer of security that will help keep your accounts safe.
With 2FA set up on your accounts, a thief will need more than just a stolen password to break in. Click here to learn how to set up two-factor authentication.
Change your password
Whenever you hear news of a data breach, it’s a good idea to change your account passwords. This is especially true if you use the same credentials for multiple websites. If your credentials are stolen from a breach, criminals can test them on other sites to log into those accounts as well.
Another mistake people make is creating passwords that are too easy for hackers to crack. Many passwords exposed in this Limogés Jewelry breach were just too uncomplicated. Even if they were encrypted, they would have been easy for hackers to crack with a password guessing tool in just seconds. Read this article to help you create hack-proof passwords.
Beware of phishing scams
Scammers will try and piggyback on data breaches like this. They will create phishing emails, pretending to be from Comcast Xfinity, hoping to get victims to click on malicious links that could lead to more problems.
That’s why you should familiarize yourself with what phishing scams look like so you can avoid falling victim to one. Take our phishing IQ test to see if you can spot a fake email.
Get a free annual credit report
Under federal law, you are entitled to a free copy of your credit report every year from the three major credit reporting agencies, Experian, Equifax and TransUnion. It’s a good idea to check your credit report following data breaches to make sure everything is on the up-and-up. Click here to learn how to get a copy of your free annual credit report.