Xfinity Unveils Data Breach Impact following Citrix Server Cyberattack: How to Protect Yourself
Xfinity has disclosed a data breach resulting from the recent Citrix server hack. The attackers potentially accessed customers’ personal information, including Social Security numbers and partial addresses. Xfinity has secured the affected accounts and is providing free credit monitoring and identity theft protection services to impacted customers.
Recently, Comcast Cable Communications, operating under the name Xfinity, disclosed that in October, attackers breached one of its Citrix servers and stole sensitive customer information from its systems.
On October 25, about two weeks after Citrix released security updates to address a critical vulnerability known as Citrix Bleed (tracked as CVE-2023-4966), the telecommunications company discovered evidence of malicious activity that had taken place on its network between October 16 and October 19.
Cybersecurity firm Mandiant reports that the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
After investigating the security breach, Xfinity found on November 16 that the attackers had also exfiltrated data from its systems, affecting an undisclosed number of customers. The company said, “After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords.”
It added that, for some customers, other information such as names, contact information, the last four digits of Social Security numbers, dates of birth, and/or secret questions and answers may also have been included. However, the data analysis is ongoing.
Users’ passwords reset without warning
While Xfinity claims it has asked users to reset their passwords to protect affected accounts, customers report that they received password reset requests last week without any explanation. The company states in a data breach notice published on its website, “To protect your account, we have proactively asked you to reset your password. The next time you login to your Xfinity account, you will be prompted to change your password, if you haven’t been asked to do so already.”
Just a year ago, Xfinity customers also faced account hacks in widespread credential stuffing attacks that bypassed two-factor authentication. Compromised accounts were then used to reset account passwords for other services, such as the Coinbase and Gemini crypto exchanges.
What can you do?
As users of IT services, we should always be vigilant and take necessary precautions to protect our accounts and personal information. If you’re an Xfinity customer, make sure to reset your password and enable two-factor or multi-factor authentication for added security.
Moreover, keep an eye out for any suspicious activity on your accounts, and always stay informed about potential threats and security breaches. Remember, knowledge is power, and staying updated on cybersecurity matters is crucial in today’s digital world.