
Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole sensitive customer data from its systems.
On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.
Cybersecurity firm Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems.
“After further assessment of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer data in scope included usernames and hashed passwords,” the company said.
“[F]or some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing.”
Customers’ passwords reset without any information
While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.
“To protect your account, we have proactively asked you to reset your password. The next time you log in to your Xfinity account, you will be prompted to change your password, if you haven't been asked to do so already,” the company says in a data breach notice published on its website.
One year ago, Xfinity customers also had their accounts hacked in widespread credential stuffing attacks bypassing two-factor authentication.
Compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.
Update December 18, 19:08 EST: A Comcast spokesperson shared the following statement with BleepingComputer after the article was published but didn't share more details on the number of individuals affected by the data breach. The company added that its operations weren't impacted and that it received no ransom demand after the incident.
We’re providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a software provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We’re not aware of any customer data being leaked anywhere, nor of any attacks on our customers.
In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.
