Comcast Cable Communications – the legal name behind the Xfinity brand, which is primarily a telecommunications service provider – disclosed on Monday that a data breach had taken place and started to inform its affected customers.
To finish off what has been a record-breaking year for hacks, on Monday 18 December a breach notice on the government website for Maine disclosed the scale of the intrusion.
The company is still investigating the data breach, which it believes took place in mid-November, and it knows that the hackers gained access by exploiting a third-party vulnerability known as Citrix Bleed.
What is the “Citrix Bleed”?
The ordeal started in early October when cloud computing company Citrix, a third-party provider to Xfinity and many other companies, discovered the flaw.
Citrix Bleed – tracked as CVE-2023-4966 – was found to have been exploited by malicious actors since at least late August 2023, according to cyber-security company Mandiant.
On October 10 Citrix urged all of its customers to install the software update to patch the vulnerability as soon as possible, and in late October it gave its customers further mitigation guidance.
Following investigations into the Citrix Bleed, Xfinity discovered the “unauthorized access” to its own internal systems via the same vulnerability and notified federal authorities on November 16.
The telco company said it had “promptly patched and mitigated the vulnerability,” in a statement for the media. The company investigated the infiltration in more depth and disclosed more details to its customers on December 18.
What Customer Data was Stolen?
The company has disclosed that the customer data stolen consisted of customer usernames and hashed passwords. In addition, for some customers, other information may also have been stolen, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. Around 35 million customers are said to have been affected.
All Xfinity customers should be aware that when they next log in to their Xfinity account they will have to reset their passwords as an extra safety precaution, regardless of whether their data was stolen or not.
The Xfinity statement read “we are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” but the company insists it is monitoring the ongoing situation 24/7.
The company strongly advises their customers to use two-factor or multi-factor authentication for added security. Customers with questions can contact Xfinity’s dedicated call center at 888-799-2560 toll-free at any time or review their data security incident notice for more guidance.