Comcast’s Xfinity Customer Data Breached in CitrixBleed Exploit
December 19, 2023
Comcast's Xfinity is alerting its customers to a data breach resulting from a cyberattack that utilized the CitrixBleed vulnerability. This critical flaw, designated as CVE-2023-4966, is found in the Citrix NetScaler ADC software and can be exploited by unauthorized individuals to gain access to sensitive information and systems. The vulnerability was initially identified by researchers at Positive Technologies and reported to Citrix on October 10, 2023. Citrix subsequently issued a patch for the flaw on November 15, 2023.
The unidentified threat actors exploited this vulnerability to take over existing authenticated sessions, which allowed them to bypass multifactor authentication or other stringent authentication protocols. The researchers cautioned that these sessions could persist even after the patch for CVE-2023-4966 has been applied. Mandiant, a security firm, noted instances of session hijacking in which session data stolen before the patch was deployed was subsequently used by the threat actors.
Xfinity, a Comcast Cable Communications brand and a subsidiary of Comcast Corporation, is a leading provider of broadband internet and cable TV services in the United States. The company responded to the issue soon after Citrix made the disclosure in October. However, it later found that there had been unauthorized access to some of its internal systems prior to the implementation of mitigation measures. The flaw was exploited by threat actors between October 16 and October 19, 2023. The company has since informed law enforcement and initiated an investigation into the incident.
In a notice of a security incident, the company stated, “On November 16, 2023, it was determined that information was likely acquired.” It added, “On December 6, 2023, we concluded that the information included usernames and hashed passwords. For some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.” The company found that the exposed data varied from customer to customer and included usernames and hashed passwords. As a precautionary measure, it has advised customers to reset their passwords and enable multi-factor authentication.