Ransomware hackers are proving to be more active in the last couple of weeks as they affect several tech companies. The latest to fall victim to threat actors is telecommunications company Xfinity, impacting tens of millions of customers.
Xfinity Breach
Xfinity's parent company Comcast has confirmed that hackers have exploited a vulnerability in the system and managed to steal loads of data from Xfinity customers. According to reports, the breach goes as far back as August.
The vulnerability in question is called "Citrix Bleed," which can be found in Citrix networking devices that are used by known companies like Boeing, the Industrial and Commercial Bank of China, and law firm Allen & Overy, as reported by Tech Crunch.
The hackers were within the system between October 16th to 19th, but the company wasn't able to detect the malicious activity until October 25th. By December 6th, Xfinity revealed that the hackers stole data like usernames and scrambled passwords.
Fortunately for customers, the passwords are mixed up in a way that humans cannot read them. The bad news is that if the algorithm used to scramble them is too weak, the threat actors might be able to crack and obtain unmixed passwords.
Comcast spokesperson Joel Shadle refused to disclose how many customers had more of their data revealed, which includes names, contact information, dates of birth, the last four digits of Social Security numbers, and answers to security questions.
Currently, Comcast only confirmed that there was an attack. There is still no news if the threat actors provided a ransom amount. In Shadle's latest statement, it was expressed that so far, no customer data has been revealed to the public or exploited.
Xfinity not only recommends but requires impacted customers to reset their passwords to avoid further attacks. It was also advised that two-factor or multi-factor authentication can be utilized to strengthen the security of an account.
Read Also: Hulu Now Has Its Own Tab on the Disney+ App
Ransomware in the Gaming Industry
Video game studio Insomniac Games has also suffered a ransomware attack rather recently, which led to more than 1.3 million files being released. Launched by the Rhysida ransomware group, they acquired details about both company employees and upcoming games.
It's still unknown how much data was actually stolen, but the 1.3 million files amounted to 1.67 terabytes of data. With these public releases, several upcoming titles were revealed, reaching up to games that are set to release in 2029 and 2033, as per The Verge.
Since the ransomware group leaked the files before they sent a ransom of 50 bitcoins or around $2 million, it means that they have more unreleased data. Sony stated that they had "no reason to believe that any other SIE or Sony divisions have been impacted."
Some of the game titles under Insomniac and Sony games were Wolverine, which is just one of the three games that both companies have planned for an "X-Men" franchise. For Spider-Man fans, they might be glad to know that there is already a plan for a third game in the franchise.
Related: Sony is 'Currently Investigating' Alleged Insomniac Games Ransomware Hacking
