Tampa Tech Wire - News and Technology From Around The Bay                  

Comcast’s Xfinity Breached: Data of 35 Million Individuals Stolen by Hackers

Facebook
Twitter
LinkedIn
Pinterest
Pocket
WhatsApp
In certain instances, the cyber attackers exclusively acquired usernames and encrypted passwords. However, in other scenarios, they pilfered more extensive information such as contact details and dates of birth.
Xfinity Logo
(David Paul Morris/Bloomberg via Getty Images)

Comcast’s Xfinity suffered a breach in October that led hackers to steal data on 35 million people.  

On Monday, the company began notifying customers about the breach, which involved cybercriminals exploiting a vulnerability in software from cloud computing provider Citrix.

In some cases, the hackers only stole customer usernames and hashed password data, the data breach notice says. But in other cases, the culprits grabbed “names, contact information, last four digits of Social Security numbers, dates of birth and/or secret questions and answers.”

The hackers gained access by capitalizing on the “Citrix Bleed” vulnerability, which first became public on Oct. 10. The flaw affects Citrix’s Netscaler ADC and Gateway, two products used for network optimization and secure traffic management. By exploiting the vulnerability, an attacker can steal authentication cookies to hijack access.  

Hackers, including ransomware gangs, seized on the vulnerability in the ensuing weeks to hit numerous targets, which now includes Xfinity. Comcast says it patched the Citrix vulnerability in its own systems when the official fix and mitigation steps were initially released in October. 

“However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability,” Xfinity said in the data breach notice. “On November 16, 2023, it was determined that information was likely acquired.” 

On Dec. 6, the company’s investigation determined the scope of the breach. Still, Xfinity is warning that the company’s analysis remains ongoing. 

In a statement, Comcast added: “We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers. In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do.”

Facebook
Twitter
LinkedIn
Pinterest
Pocket
WhatsApp
Your subscription could not be saved. Please try again.
Thanks for subscribing!

Newsletter

Never miss any important news. Subscribe to our newsletter.

Leave a Reply

Your subscription could not be saved. Please try again.
Thanks for subscribing!

Newsletter

Never miss any important news. Subscribe to our newsletter.

Latest Jobs

Recent News

Popular

Blog Subscriber Form