Comcast has confirmed that hackers exploited a high-risk security vulnerability to access sensitive information belonging to nearly 36 million Xfinity customers. The vulnerability, known as “CitrixBleed,” is found in networking devices made by Citrix, which are frequently used by large corporations. Hackers have been widely exploiting it since late August, while patches from Citrix only became available in early October. However, many organizations did not apply the patches in time, leaving them vulnerable to exploitation. As a result, the CitrixBleed vulnerability has been used to target significant victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.
In the latest instance of a CitrixBleed attack, Xfinity, Comcast’s cable television and internet division, has become a victim of this security vulnerability. On Monday, the company informed its customers about the incident through a notice.
Comcast has stated that hackers took advantage of the CitrixBleed vulnerability to gain access to its internal systems between October 16 and October 19. However, the company only became aware of the “malicious activity” on October 25. Despite taking measures to contain the situation, Xfinity confirmed that by November 16, the hackers had likely acquired information from its systems. It was later determined that this information included customer data, such as usernames and “hashed” passwords, meaning passwords stored in a scrambled form that is unreadable to humans. It is unclear which algorithm was used to scramble the passwords, but weaker hashing algorithms can easily be cracked by hackers.
The notice issued by Comcast revealed that in addition to usernames and passwords, the hackers may have also accessed the names, contact information, dates of birth, the last four digits of Social Security numbers, and secret questions and answers of an undisclosed number of customers. The company has stated that it is continuing to analyze the data and will provide further notifications as needed. This suggests that additional types of data may have also been affected.
The notice does not specify the exact number of impacted customers, and when asked by TechCrunch, Comcast spokesperson Joel Shadle declined to provide a number. However, in a filing with Maine’s attorney general, Comcast disclosed that nearly 35.8 million customers have been affected by the breach. As per the company’s latest earnings report, it has over 32 million broadband customers, indicating that the majority, if not all, of Xfinity customers have been impacted by this breach.
It is currently unknown if the hackers demanded a ransom for the stolen information, the extent of the impact on the company’s operations, or if the incident has been reported to the U.S. Securities and Exchange Commission, as required by the regulator’s data breach reporting rules. A Comcast spokesperson did not provide any details on these matters.
In light of this breach, Xfinity is taking precautionary measures, including requiring customers to reset their passwords. The company also recommends the use of two-factor or multi-factor authentication, although this is not mandatory for all customer accounts.