Comcast Cable Communications, doing enterprise as Xfinity, disclosed on Monday that attackers who breached one among its Citrix servers in October additionally stole customer-sensitive info from its techniques.
On October 25, roughly two weeks after Citrix launched security updates to deal with a crucial vulnerability now generally known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications firm discovered proof of malicious exercise on its community between October 16 and October 19.
Cybersecurity firm Mandiant says the Citrix flaw had been actively exploited as a zero-day since at the very least late August 2023.
Following an investigation into the influence of the security breach, Xfinity found on November 16 that the attackers additionally exfiltrated information belonging to an undisclosed variety of prospects from its techniques.
“After further overview of the affected techniques and information, Xfinity concluded on December 6, 2023, that the shopper info in scope included usernames and hashed passwords,” the corporate mentioned.
“[F]or some prospects, different info can also have been included, equivalent to names, contact info, final 4 digits of social security numbers, dates of beginning and/or secret questions and solutions. Nevertheless, the info evaluation is constant.”
Customers’ passwords reset with none information
Whereas Xfinity says it has requested customers to reset their passwords to guard affected accounts, prospects report that that they had been getting password reset requests final week with none indication as to why that was occurring.
“To guard your account, we’ve proactively requested you to reset your password. The following time you login to your Xfinity account, you may be prompted to alter your password, if you have not been requested to take action already,” the corporate says in a data breach discover revealed on its web site.
One yr in the past, Xfinity prospects additionally had their accounts hacked in widespread credential stuffing assaults bypassing two-factor authentication.
Compromised accounts have been then used to reset account passwords for different providers, together with the Coinbase and Gemini crypto exchanges.
Replace December 18, 19:08 EST: A Comcast spokesperson shared the next assertion with BleepingComputer after the article was revealed however did not share extra particulars on the variety of people affected by the data breach. The corporate added that its operations weren’t impacted and that it acquired no ransom demand after the incident.
We’re offering discover to prospects a couple of information security incident which exploited a vulnerability beforehand introduced by Citrix, a software program supplier utilized by Xfinity and 1000’s of different corporations worldwide. We promptly patched and mitigated the vulnerability. We aren’t conscious of any buyer information being leaked anyplace, nor of any assaults on our prospects.
As well as, we required our prospects to reset their passwords and we strongly suggest that they allow two-factor or multi-factor authentication, as many Xfinity prospects already do. We take the accountability to guard our prospects very severely and have our cybersecurity workforce monitoring 24×7.
