Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.
On October 25, about two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.
Cybersecurity company Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to 35,879,455 people from its systems.
"After further review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords," the company said.
"[F]or some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing."
Users' passwords reset without any info
While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.
"To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven't been asked to do so already," the company says in a data breach notice published on its website.
One year ago, Xfinity customers also had their accounts hacked in widespread credential stuffing attacks bypassing two-factor authentication.
Compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.
Update December 18, 19:08 EST: A Comcast spokesperson shared the following statement with BleepingComputer after the article was published but didn't share more details on the number of individuals affected by the data breach. The company added that its operations were not impacted and that it received no ransom demand after the incident.
We are providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a software provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.
In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24x7.
Update December 19, 05:40 EST: Added info on the number of people affected by the data breach.