Comcast has confirmed that hackers exploiting a security vulnerability rated critical accessed the sensitive information of nearly 36 million Xfinity customers.
This vulnerability, known as “CitrixBleed”, is found in Citrix networking devices often used by large companies and has been widely exploited by hackers since late August. Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to breach big names including aerospace giant Boeing, Industrial and Commercial Bank of China and international law firm Allen & Overy.
Xfinity, Comcast’s cable TV and Internet division, has become the latest victim of CitrixBleed, the company confirmed in a notice to customers on Monday.
The US telecom giant said hackers exploiting the CitrixBleed vulnerability accessed its internal systems between October 16 and October 19, but that the company did not detect the “malicious activity” until October 25.
By Nov. 16, Xfinity determined that “information may have been obtained” by the hackers, and in December, the company concluded that this included customer data, including usernames and “hashed” passwords, which are scrambled and stored in a way that makes them unreadable to people. It’s not immediately clear how the passwords were scrambled or what algorithm was used, as some weaker hashing algorithms can be broken.
The company says that for an unspecified number of customers, hackers may also have accessed their names, contact information, dates of birth, the last four digits of their Social Security numbers and their secret questions and answers.
Comcast notes that “our analysis of data is ongoing and we will provide additional notifications as appropriate,” indicating that additional types of data may also have been accessed.
The notice did not say how many Xfinity customers have been affected, and Comcast spokesman Joel Shadle declined to say when asked by TechCrunch. In a filing with the Maine attorney general, Comcast confirmed that nearly 35.8 million customers are affected by the breach. Comcast’s latest earnings report shows the company has more than 32 million broadband customers, suggesting that this breach has affected most, if not all, Xfinity customers.
It is not yet known if Xfinity received a ransom demand, how the incident affected the company’s operations, or if the incident has been filed with the US Securities and Exchange Commission, as required by the regulator’s new data breach reporting rules. The Comcast spokesman did not say.
“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” Shadle said in an email to TechCrunch.
Xfinity says it requires customers to reset their passwords and recommends using two-factor or multi-factor authentication — which the company doesn’t require by default — for all customer accounts.
Updated with additional comment from Comcast.
Read more at TechCrunch: