Massive Data Breach Linked to CitrixBleed Vulnerability Exposed by Comcast’s Xfinity


Comcast’s Xfinity broadband entertainment platform announced a significant data breach affecting 35.9 million customers, related to the CitrixBleed vulnerability. The company quickly fixed the vulnerability after detecting an anomaly in mid-October and taking additional security measures. Despite this, a breach by an unauthorized third party between October 16 and 19 was identified during a cybersecurity exercise on October 25. After investigating and contacting law enforcement, Xfinity confirmed on November 16 that customer data was likely stolen. This included usernames, encrypted passwords, names, contact information, the last four digits of Social Security numbers, birth dates, and, in some cases, secret questions and answers.

This breach is one of the largest connected to the CitrixBleed vulnerability, which affects companies worldwide that use Citrix NetScaler Application Delivery Controller or NetScaler Gateway. Groups such as LockBit 3.0 and AlphV/BlackCat have been involved in exploitation activities. Boeing shared information with the FBI and the Cybersecurity and Infrastructure Security Agency to combat these attacks. Xfinity stated that no stolen data has been used for fraudulent purposes and is advising customers to reset passwords and activate two-factor or multi-factor authentication.

There have been no recent updates on Comcast’s investor relations website, and it is unclear if the company has informed the Securities and Exchange Commission about the breach. The incident highlights concerns about the effectiveness of Citrix’s patch and mitigation measures, as Mandiant issued urgent warnings about compromised customers even after the patch’s release.

While the breach affects a significant portion of Xfinity’s customer base, it remains uncertain if other Comcast customers were impacted. Mandiant and Citrix did not provide immediate comments on the breach, raising further questions about the security of customer data and the potential impact on affected individuals.

Article Source
https://www.cybersecuritydive.com/news/comcasts-xfinity-data-breach-citrixbleed/702957/