Between October 16 and October 19, 2023 [2] [3] [5] [6], an unauthorized party exploited a security vulnerability known as “CitrixBleed” in Citrix networking devices used by Comcast Cable’s Xfinity brand. This breach resulted in the compromise of sensitive information belonging to nearly 36 million Xfinity customers.

Description

Although patches for the vulnerability had been available since October, the breach went undetected until October 25. The compromised customer data includes usernames, hashed passwords [2] [3] [4] [5] [6], names [2] [3] [4] [5] [6], contact information [1] [2] [3] [4] [5] [6], dates of birth [2] [5] [6], the last four digits of Social Security numbers [2] [6], and secret questions and answers [2] [5] [6]. Comcast has confirmed that approximately 35.8 million customers were affected [6]. While passwords were encrypted for protection [4], there is still a possibility they could be decrypted [4]. In response, Comcast is requiring customers to reset their passwords as a precautionary measure and recommends the use of two-factor or multi-factor authentication. The CitrixBleed vulnerability has also been exploited to target other companies, such as Boeing and Toyota. Comcast is currently conducting an investigation to determine the full extent of the breach.

Conclusion

The breach of sensitive customer information has significant implications for both Comcast and its customers. The compromised data, including usernames [2] [3] [4] [5] [6], contact information [1] [2] [3] [4] [5] [6], and partial Social Security numbers [4], can potentially be used for identity theft and other malicious activities. While Comcast has taken immediate action by initiating a password reset and recommending stronger authentication methods, there is still a risk that the encrypted passwords could be decrypted. The fact that other companies have also been targeted using the same vulnerability highlights the need for increased cybersecurity measures across industries. Comcast’s ongoing investigation will provide further insights into the extent of the breach and help identify additional steps to prevent future incidents. In the meantime, customers should remain vigilant and follow the recommended security measures to protect their personal information.

References

[1] https://www.washingtonpost.com/business/2023/12/19/xfinity-data-breach-customer-information/c512e480-9e8e-11ee-9e0f-972979a6c22b_story.html
[2] https://arstechnica.com/security/2023/12/hack-of-unpatched-comcast-servers-results-in-stolen-personal-data-including-passwords/
[3] https://www.infosecurity-magazine.com/news/xfinity-discloses-data-breach-36/
[4] https://www.csoonline.com/article/1267774/hackers-steal-data-from-millions-of-xfinity-customers-via-citrix-bleed-vulnerability.html
[5] https://www.jdsupra.com/legalnews/comcast-xfinity-announces-citrix-4779346/
[6] https://techcrunch.com/2023/12/19/comcast-xfinity-hackers-36-million-customers/