Citrix Vulnerability Hits Xfinity; Hackers Access Data of Almost 36 Million Users

Xfinity urges users to change their passwords immediately.

In a startling revelation, Comcast acknowledges a major cybersecurity breach affecting nearly 36 million Xfinity customers, with hackers exploiting the critical-rated "CitrixBleed" vulnerability

Understanding the CitrixBleed Vulnerability

Citrix Vulnerability Hits Xfinity; Hackers Access Data of Almost 36 Million Users
In a new report, Comcast said that hackers have accessed the sensitive data from nearly 36 million Xfinity customers. The "CitrixBleed" vulnerability has been used for mass exploitation. Kevin Ku from Unsplash

According to a report by The Verge, CitrixBleed vulnerability, a security flaw was plaguing Citrix networking devices widely utilized by major corporations.

The cybersecurity experts gave the timeline of mass exploitation by hackers. According to them, it commenced in late August, despite Citrix releasing patches in early October.

Shockingly, prominent entities such as Boeing, the Industrial and Commercial Bank of China, and Allen & Overy fell victim to this vulnerability.

Xfinity is CitrixBleed's Latest Casualty

Comcast's cable television and internet division, Xfinity, falls prey to the CitrixBleed vulnerability, as confirmed by the company in a customer notice. Hackers infiltrated Xfinity's internal systems between Oct. 16 and Oct. 19, with the company detecting the breach on Oct. 25.

Hackers Likely Stole Confidential Data From Victims

Xfinity acknowledges that hackers likely obtained sensitive information, including usernames and hashed passwords on Nov. 16. The extent of the breach expands to encompass customer data such as names, contact details, dates of birth, the last four digits of Social Security numbers, and security questions and answers.

Comcast remains vigilant, indicating ongoing data analysis and a commitment to providing further notifications as needed.

Magnitude of the Breach

Despite the undisclosed number of affected Xfinity customers, a filing with Maine's attorney general reveals that approximately 35.8 million individuals are impacted.

Considering Comcast's extensive customer base, with over 32 million broadband subscribers, it appears that the breach has ramifications for a significant portion, if not all, of Xfinity's customers.

How to Protect Yourself From CitrixBleed Vulnerability

Xfinity takes proactive measures in response to the breach, mandating customers to reset their passwords. Additionally, the company advocates for the adoption of two-factor or multi-factor authentication, emphasizing an extra layer of security for all customer accounts.

Several questions loom over the incident, such as the existence of a ransom demand, the impact on the company's operations, and compliance with the U.S. Securities and Exchange Commission's data breach reporting rules.

Comcast remains tight-lipped on these matters, leaving room for continued speculation and concern within the cybersecurity landscape.

"We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers," Shadle told TechCrunch via email.

Speaking of Xfinity, Comcast reportedly cut the free Peacock Premium service to Xfinity users. According to Tech Times, the monthly fee for this service typically falls at almost $5. Since 2020, there have been no extra fees charged to customers.

After this move, Xfinity proposed the rollout of a discounted version of Peacock Premium. This served as an alternative to the phased-out service.

Read Also: Play Ransomware Gang Claims Responsibility For Stanley Steemer Cyberattack in March: Nearly 68,000 People Affected

Joseph Henry
Tech Times
ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics