Xfinity, the cable communications service provided by Comcast, revealed a data breach stemming from an attack on one of its Citrix servers in October. The breach, discovered on October 25, occurred approximately two weeks after Citrix released security updates to address the critical vulnerability known as Citrix Bleed (CVE-2023-4966). Mandiant, the cybersecurity company, reported that the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
During an investigation into the security breach, Xfinity found evidence of malicious activity on its network between October 16 and October 19. The subsequent examination led to the discovery that the attackers had exfiltrated customer-sensitive information from Xfinity’s systems. On December 6, 2023, Xfinity concluded that the compromised customer information included usernames and hashed passwords. Additionally, for some customers, the stolen data might include names, contact information, last four digits of social security numbers, dates of birth, and/or secret questions and answers.
In response to the breach, Xfinity proactively asked users to reset their passwords as a precautionary measure. However, some customers reported receiving password reset requests without clear explanations. Xfinity clarified that the data analysis is ongoing, and further details about the number of affected individuals were not disclosed. Notably, this is not the first time Xfinity has faced security issues, as a year ago, customers experienced account hacks through widespread credential stuffing attacks that bypassed two-factor authentication. The compromised accounts were then used to reset passwords for other services, including cryptocurrency exchanges Coinbase and Gemini.
