Tuesday, December 19, 2023

Xfinity discloses data breach after recent Citrix server hack


Comcast Cable Communications, doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.

On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.

Cybersecurity firm Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.

Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems.

“After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords,” the company said.

“[F]or some customers, other information may also have been included, such as names, contact information, last 4 digits of social security numbers, dates of birth and/or secret questions and answers. However, the data analysis is continuing.”

Customers’ passwords reset without any information

While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.


“To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven't been asked to do so already,” the company says in a data breach notice published on its website.

One year ago, Xfinity customers also had their accounts hacked in widespread credential stuffing attacks bypassing two-factor authentication.

Compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.

Update December 18, 19:08 EST: A Comcast spokesperson shared the following statement with BleepingComputer after the article was published but did not share additional details on the number of individuals affected by the data breach. The company added that its operations were not impacted and that it received no ransom demand after the incident.

We are providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a software provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.

In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24×7.




