Comcast Cable Communications, doing enterprise as Xfinity, disclosed on Monday that attackers who breached considered one of its Citrix servers in October additionally stole customer-sensitive info from its programs.
On October 25, roughly two weeks after Citrix launched security updates to handle a crucial vulnerability now often known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications firm discovered proof of malicious exercise on its community between October 16 and October 19.
Cybersecurity firm Mandiant says the Citrix flaw had been actively exploited as a zero-day since at the least late August 2023.
Following an investigation into the influence of the security breach, Xfinity found on November 16 that the attackers additionally exfiltrated knowledge belonging to 35,879,455 individuals from its programs.
“After extra overview of the affected programs and knowledge, Xfinity concluded on December 6, 2023, that the shopper info in scope included usernames and hashed passwords,” the corporate mentioned.
“[F]or some clients, different info may additionally have been included, resembling names, contact info, final 4 digits of social security numbers, dates of start and/or secret questions and solutions. Nevertheless, the info evaluation is constant.”
Customers’ passwords reset with none data
Whereas Xfinity says it has requested customers to reset their passwords to guard affected accounts, clients report that that they had been getting password reset requests final week with none indication as to why that was taking place.
“To guard your account, now we have proactively requested you to reset your password. The subsequent time you login to your Xfinity account, you may be prompted to vary your password, if you have not been requested to take action already,” the corporate says in a data breach discover revealed on its web site.
One 12 months in the past, Xfinity clients additionally had their accounts hacked in widespread credential stuffing assaults bypassing two-factor authentication.
Compromised accounts had been then used to reset account passwords for different companies, together with the Coinbase and Gemini crypto exchanges.
Replace December 18, 19:08 EST: A Comcast spokesperson shared the next assertion with BleepingComputer after the article was revealed however did not share extra particulars on the variety of people affected by the data breach. The corporate added that its operations weren’t impacted and that it acquired no ransom demand after the incident.
We’re offering discover to clients a couple of knowledge security incident which exploited a vulnerability beforehand introduced by Citrix, a software program supplier utilized by Xfinity and 1000’s of different corporations worldwide. We promptly patched and mitigated the vulnerability. We aren’t conscious of any buyer knowledge being leaked anyplace, nor of any assaults on our clients.
As well as, we required our clients to reset their passwords and we strongly advocate that they permit two-factor or multi-factor authentication, as many Xfinity clients already do. We take the accountability to guard our clients very severely and have our cybersecurity crew monitoring 24×7.
Replace December 19, 05:40 EST: Added data on the variety of individuals affected by the data breach.
