Article Details
Scrape Timestamp (UTC): 2023-12-19 00:06:57.859
Original Article Text
Xfinity discloses data breach after recent Citrix server hack
Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.
On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.
Cybersecurity company Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems.
"After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing," the company said.
Users' passwords reset without any info
While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.
"To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven't been asked to do so already," the company says in a data breach notice published on its website.
An Xfinity spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
One year ago, Xfinity customers also had their accounts hacked in widespread credential stuffing attacks bypassing two-factor authentication. Compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.
Daily Brief Summary
Comcast's Xfinity confirmed a data breach resulting from a hacked Citrix server.
The intrusion was detected after attackers exploited a critical Citrix vulnerability known as CVE-2023-4966.
The malicious activity took place between October 16 and October 19, and the follow-up investigation confirmed on November 16 that customer data had been stolen.
Compromised information includes usernames, hashed passwords, and potentially additional personal data.
Xfinity has responded by prompting users to reset passwords, though reasons for resets were not initially communicated to customers.
This incident follows credential stuffing attacks a year ago in which Xfinity accounts were hacked and then used to reset passwords for accounts on other services, including Coinbase and Gemini.
The ongoing investigation aims to understand the full scope and impact of the breach while Xfinity heightens security measures to protect user accounts.