Xfinity discloses data breach after recent Citrix server hack



Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.

On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.

Cybersecurity company Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.

Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems.

“After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords,” the company said.

“[F]or some customers, other information may also have been included, such as names, contact information, last 4 digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing.”

Customers’ passwords reset without any information

While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.


“To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you’ll be prompted to change your password, if you haven’t been asked to do so already,” the company says in a data breach notice published on its website.

One year ago, Xfinity customers also had their accounts hacked in widespread credential stuffing attacks bypassing two-factor authentication.

Compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.

Update December 18, 19:08 EST: A Comcast spokesperson shared the following statement with BleepingComputer after the article was published but didn’t share more details on the number of individuals affected by the data breach. The company added that its operations weren’t impacted and that it received no ransom demand after the incident.

We’re providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a software provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We’re not aware of any customer data being leaked anywhere, nor of any attacks on our customers.

In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.


