Cybersecurity breach on Xfinity exposes millions of users’ data

December 30, 2023

Comcast Cable Communications, which operates under the Xfinity brand, disclosed a significant data breach impacting approximately 35 million individuals. The breach allegedly came from hackers who infiltrated one of Xfinity’s Citrix servers in October, but it was only recently brought to light.

The security incident traces back to a critical vulnerability known as Citrix Bleed (CVE-2023-4966), which had been the primary target for various hackers as a zero-day since late August. Citrix released security patches for the vulnerability on October 11, but the attackers still gained access to Xfinity’s network between October 16 and October 19.

The investigation process launched by Xfinity has brought some bad news.

Xfinity initiated an investigation after discovering the attack. The assessment of the situation led to an unsettling revelation on November 16: the investigation confirmed that attackers had exfiltrated the sensitive customer information of about 35,879,455 individuals.

The information confirmed as exposed for all customers consists of usernames and hashed passwords. Additionally, for some customers, the compromised data included names, contact information, the last four digits of social security numbers, dates of birth, and secret questions and answers. Moreover, Xfinity noted that its ongoing data analysis may lead to further revelations.

To mitigate risks, Xfinity proactively prompted users to reset their passwords. However, customers reported receiving password reset requests without any accompanying explanation, which is a red flag, as other hackers might have exploited these notifications. The company addressed this concern in a breach notification on its website, assuring users that the password reset requests came from Xfinity and were meant to protect their accounts.

This incident is not the first time Xfinity users have faced such security challenges. A year ago, widespread credential stuffing attacks compromised accounts and bypassed two-factor authentication. Hackers exploited compromised accounts to reset passwords for various services, including high-profile targets like Coinbase and Gemini crypto exchanges.

The recurrence of security flaws within Xfinity’s cybersecurity measures has raised questions about its ability to protect customer data. In an era where data breaches have become prevalent, clients are anxious about the overall security posture of the companies they entrust with their sensitive information.
