Citrix Bleed bug leads to data breach exposing information of 35 million Xfinity customers

Xfinity, a subsidiary of Comcast Corporation, recently confirmed that more than 35 million of its customers were impacted by a data breach linked to the Citrix Bleed vulnerability. This cyberattack, which occurred in mid-October, resulted in the theft of usernames and encrypted passwords. Citrix first announced the discovery of the critical vulnerability CVE-2023-4966 on October 10 and released a patch on the same day to address the Citrix Bleed bug, a buffer overflow flaw that can expose sensitive information on NetScaler ADC and NetScaler Gateway devices.

Between October 16 and October 19, attackers gained unauthorized access to Xfinity’s systems through the Citrix Bleed vulnerability. On November 16, it was determined that information was likely compromised during this breach. The stolen data included customers’ names, contact information, dates of birth, answers to security questions, the last four digits of Social Security numbers, and hashed usernames and passwords. The theft of this information was discovered on December 6, and consumer notification began on December 18, with Xfinity reporting the incident to the Maine Attorney General’s Office.

Xfinity initiated password resets starting around December 11, which caused confusion and frustration among customers who were unaware of the breach. The company reassured customers that it was taking the matter seriously and was committed to investing in technology, protocols, and experts to safeguard customer data.

Although Xfinity quickly patched and mitigated the vulnerability after the initial Citrix Bleed patch was released, unauthorized access still occurred. The breach disclosure also noted that Citrix provided additional guidance on October 23, after Mandiant discovered that the vulnerability had been actively exploited since late August. Citrix updated its security bulletin with a recommendation to end all active and persistent sessions to mitigate the potential risks associated with the vulnerability.

Overall, the Xfinity data breach serves as a reminder of the importance of timely and thorough response to security vulnerabilities to protect customer data. Companies must continue to invest in cybersecurity measures to prevent future breaches and prioritize customer safety and data protection.

Article Source
https://www.scmagazine.com/news/xfinity-breach-affecting-35m-blamed-on-citrix-bleed