36 million people affected by data breach at Xfinity

Siva Ramakrishnan
Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed the data of nearly 36 million people in mid-October.


The intrusion happened between October 16 and 19, after Citrix had announced the bug but before Xfinity patched its systems, the Philadelphia-based company said in a notification filed Monday with Maine regulators.

The vulnerability, known as “Citrix Bleed” and tracked by researchers as CVE-2023-4966, affects NetScaler ADC and NetScaler Gateway appliances used by companies to manage network traffic.

Since Citrix announced the bug on October 10, it has prompted warnings from cybersecurity experts and the federal government about exploitation by malicious hackers. Cybercrime groups are suspected to have used it in attacks against the healthcare, aviation, banking and manufacturing sectors, among others.

Xfinity — a division of Comcast Corp., which also runs entertainment company NBCUniversal — said it patched its systems on October 23 after Citrix issued additional guidance.

The regulatory filing does not specify exactly when Xfinity discovered the breach. On November 16, after the company had notified law enforcement and conducted an investigation, Xfinity “determined that information was likely acquired,” the regulatory filing said.

The information included “usernames and hashed passwords; for some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers.”

Xfinity said it is still analyzing the breach and is telling customers that it will “provide additional notices as appropriate.”

The company is asking customers to reset their passwords and is urging them to add two-factor authentication to their accounts.


Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 
