Comcast’s Xfinity Breached: Data of 36 Million Users Exposed – Source: heimdalsecurity.com

Source: heimdalsecurity.com – Author: Cristian Neagu

Citrix bugs caused a lot of problems throughout the year, and as 2023 draws to a close, it seems it’s not over. This time, Xfinity, Comcast’s cable television and internet division, has been the victim of a data breach caused by the Citrix bug.

Almost every customer of Xfinity was impacted, as attackers accessed tens of millions of usernames and hashed passwords.

What Caused the Breach? The Citrix Bleed Bug

According to Xfinity’s breach notification letter, the US telecom giant was breached in mid-October, and the attackers most likely roamed the company’s Citrix server for three days. With a staggering 35.9 million persons affected overall, as per the information Xfinity provided to the Maine Attorney General’s office, this breach ranks among the biggest of 2023.

Over 32 million people use Comcast’s broadband service, according to the company’s most recent quarterly earnings report. The corporation has more than five million mobile clients as well, indicating that almost all of its user base was affected by the incident.

Citrix released the fix for the software bug known as ‘Citrix Bleed’ on October 10th; however, Comcast patched the bug only on October 23rd.

What Data Was Exposed?

According to the company’s statements, the attackers accessed Xfinity customers’ usernames and hashed passwords. Some customers had additional data exposed, such as:

  • Names;
  • Contact information;
  • Social Security numbers;
  • Dates of birth;
  • Secret questions and answers.

To protect its customers, Xfinity said that it will ask users to reset their passwords the next time they log in to their accounts. The company also advised users to enable two-factor authentication or multi-factor authentication.

“While we advise customers not to re-use passwords across multiple accounts, if you do use the same information elsewhere, we recommend that you change the information on those other accounts, as well.”

– Xfinity Statement Regarding Its Customers’ Security

Comcast Cable Communications, the formal name of Xfinity, was established as a stand-alone brand from Comcast in 2010. The business declared sales of more than $66 billion in 2022.

Original Post URL: https://heimdalsecurity.com/blog/comcasts-xfinity-breach/
