Xfinity reports data breach via unpatched Citrix server hack
Comcast Cable Communications, operating under the Xfinity brand, recently announced that a breach of one of its Citrix servers in October led to the theft of sensitive customer information. This disclosure came after Citrix addressed a critical vulnerability known as Citrix Bleed (CVE-2023-4966) on October 25.
During a network security check between October 16 and October 19, Xfinity detected unauthorized activity. An ensuing investigation revealed on November 16 that the attackers had extracted customer data.
The compromised data, as identified by Xfinity on December 6, included:
- usernames
- hashed passwords
- names
- contact details
- the last four digits of social security numbers
- dates of birth
- secret questions and answers
Xfinity has not disclosed the number of affected customers.
Update: After investigating the security incident, Xfinity found that the attackers had extracted data from its systems, affecting a total of 35,879,455 individuals.
Xfinity has urged users to reset their passwords as a precautionary measure, though some customers reported receiving password reset requests without any explanation last week.