36 million people affected by data breach at Xfinity

Siva Ramakrishnan
Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed data of nearly 36 million people in mid-October.

The intrusion happened between October 16 and 19, after Citrix had announced the bug but before Xfinity patched its systems, the Philadelphia-based company said in a notification filed Monday with Maine regulators.

The vulnerability, known as “Citrix Bleed” and tracked by researchers as CVE-2023-4966, affects NetScaler ADC and NetScaler Gateway appliances used by companies to manage network traffic.

Since Citrix announced the bug on October 10, it has prompted warnings from cybersecurity experts and the federal government about exploitation by malicious hackers. Cybercrime groups are suspected to have used it in attacks against the healthcare, aviation, banking and manufacturing sectors, among others.

Xfinity — a division of Comcast Corp., which also runs entertainment company NBCUniversal — said it patched its systems on October 23 after Citrix issued additional guidance.

The regulatory filing does not specify exactly when Xfinity discovered the breach. On November 16, after the company had notified law enforcement and conducted an investigation, Xfinity “determined that information was likely acquired,” the regulatory filing said.

The information included “usernames and hashed passwords; for some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers.”

Xfinity said it is still analyzing the breach and is telling customers that it will “provide additional notices as appropriate.”

The company is asking customers to reset their passwords and is urging them to add two-factor authentication to their accounts.

Joe Warminsky is the news editor for Recorded Future News. He has more than 25 years experience as an editor and writer in the Washington, D.C., area. Most recently he helped lead CyberScoop for more than five years. Prior to that, he was a digital editor at WAMU 88.5, the NPR affiliate in Washington, and he spent more than a decade editing coverage of Congress for CQ Roll Call.

 
