Comcast’s Xfinity Customer Data Breached in CitrixBleed Exploit

December 19, 2023

Comcast's Xfinity is alerting its customers to a data breach resulting from a cyberattack that utilized the CitrixBleed vulnerability. This critical flaw, designated as CVE-2023-4966, is found in the Citrix NetScaler ADC software and can be exploited by unauthorized individuals to gain access to sensitive information and systems. The vulnerability was initially identified by researchers at Positive Technologies and reported to Citrix on October 10, 2023. Citrix subsequently issued a patch for the flaw on November 15, 2023.

The unidentified threat actors took advantage of this vulnerability to take over existing authenticated sessions, allowing them to bypass multifactor authentication and other stringent authentication controls. The researchers cautioned that hijacked sessions could remain valid even after the patch for CVE-2023-4966 has been applied. Mandiant, a security firm, observed cases in which session data stolen before the patch was deployed was later used by threat actors to hijack those sessions.
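The point above, that a patch closes the leak but does not by itself end sessions whose tokens were already copied, is easy to see in a small server-side session store. The following is an added illustration, not Citrix's or Comcast's code and not a model of how NetScaler stores sessions: the `SessionStore` class, its methods, and the session ids and users are hypothetical and the sample data is constructed; only the dates (the October 16-19 exposure window and the November 15 patch) come from the article. It shows a session minted during the exposure window still being accepted after the patch date, an audit of sessions issued inside that window, and a forced-revocation cutoff that makes every pre-patch session re-authenticate.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Dict, List, Optional, Tuple

# Maximum lifetime a session token is honoured, regardless of revocation (assumed value).
MAX_LIFETIME = timedelta(days=90)


@dataclass
class Session:
    session_id: str
    user: str
    issued_at: datetime
    mfa_completed: bool  # MFA was satisfied when the session was minted


class SessionStore:
    """Minimal server-side session store (hypothetical; not NetScaler's design)."""

    def __init__(self) -> None:
        self._sessions: Dict[str, Session] = {}
        # Sessions issued before this timestamp are rejected even if still stored.
        self.revoke_before: Optional[datetime] = None

    def create(self, session_id: str, user: str, issued_at: datetime,
               mfa_completed: bool = True) -> Session:
        s = Session(session_id, user, issued_at, mfa_completed)
        self._sessions[session_id] = s
        return s

    def revoke_issued_before(self, cutoff: datetime) -> int:
        """Invalidate every session minted before `cutoff`; returns how many were dropped."""
        self.revoke_before = cutoff
        stale = [sid for sid, s in self._sessions.items() if s.issued_at < cutoff]
        for sid in stale:
            del self._sessions[sid]
        return len(stale)

    def validate(self, session_id: str, now: datetime) -> Tuple[bool, str]:
        """Return (accepted, reason). A bearer of a valid id is never re-prompted for MFA,
        which is exactly why a copied id is as good as a completed login."""
        s = self._sessions.get(session_id)
        if s is None:
            return False, "unknown or revoked session"
        if self.revoke_before is not None and s.issued_at < self.revoke_before:
            return False, "issued before forced revocation cutoff"
        if now - s.issued_at > MAX_LIFETIME:
            return False, "expired"
        return True, "ok"

    def issued_between(self, start: datetime, end: datetime) -> List[Session]:
        """Audit helper: sessions minted inside a window of suspected exposure."""
        return [s for s in self._sessions.values() if start <= s.issued_at < end]


def demo() -> Dict[str, object]:
    """Walk the article's timeline with constructed sample sessions."""
    utc = timezone.utc
    store = SessionStore()
    # Constructed sample: a session minted on Oct 17, inside the Oct 16-19 exposure window.
    store.create("sess-A", "alice", datetime(2023, 10, 17, 9, 0, tzinfo=utc))
    # Constructed sample: a session minted after the patch, outside the window.
    store.create("sess-B", "bob", datetime(2023, 11, 20, 9, 0, tzinfo=utc))

    patch_applied = datetime(2023, 11, 15, 12, 0, tzinfo=utc)
    check_time = datetime(2023, 11, 21, 0, 0, tzinfo=utc)

    # 1. Patch is applied but existing sessions are left alone:
    #    a session id copied during the exposure window is still honoured.
    valid_after_patch_only, _ = store.validate("sess-A", check_time)

    # 2. Audit: which live sessions date from the exposure window?
    exposed = store.issued_between(datetime(2023, 10, 16, tzinfo=utc),
                                   datetime(2023, 10, 20, tzinfo=utc))

    # 3. Force re-authentication for everything minted before the patch.
    revoked = store.revoke_issued_before(patch_applied)
    valid_after_revocation, reason = store.validate("sess-A", check_time)
    post_patch_still_valid, _ = store.validate("sess-B", check_time)

    return {
        "valid_after_patch_only": valid_after_patch_only,
        "exposed_window_sessions": [s.session_id for s in exposed],
        "revoked_count": revoked,
        "valid_after_revocation": valid_after_revocation,
        "revocation_reason": reason,
        "post_patch_session_still_valid": post_patch_still_valid,
    }


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The cutoff is kept as a stored timestamp as well as applied to the in-memory table, so a session that survives in a replica or cache is still rejected on presentation. In practice the cutoff is paired with the password reset and MFA re-enrolment the company advised, since a revoked session can be re-established by anyone holding the credentials behind it.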

Xfinity, a Comcast Cable Communications brand and a subsidiary of Comcast Corporation, is a leading provider of broadband internet and cable TV services in the United States. The company responded to the issue soon after Citrix made the disclosure in October. However, it later found that there had been unauthorized access to some of its internal systems before the mitigation measures were implemented. The flaw was exploited by threat actors between October 16 and October 19, 2023. The company has since informed law enforcement and initiated an investigation into the incident.

In a notice of a security incident, the company stated, “On November 16, 2023, it was determined that information was likely acquired.” It added, “On December 6, 2023, we concluded that the information included usernames and hashed passwords. For some customers, other information was also included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.” The exposed data thus varied from customer to customer, with usernames and hashed passwords common to all affected accounts. As a precautionary measure, the company has advised customers to reset their passwords and enable multi-factor authentication.
