The now-infamous CitrixBleed vulnerability has claimed possibly its biggest kill yet: 35 million customers of Comcast Xfinity.
Since at least August, attackers have been exploiting CVE-2023-4966, a 7.5 high-severity vulnerability affecting Citrix Systems' NetScaler ADC and Gateway networking products.
Even after it was brought to light in October, many organizations have struggled to comprehensively shore up their systems.
One such organization appears to be Comcast Xfinity.
On Monday, the cable giant disclosed a CitrixBleed-enabled breach of its customer data, including usernames and hashed passwords, and, for some, names, contact information, last four digits of Social Security numbers, dates of birth, and security questions and answers.
What Happened in the Comcast Data Breach
Citrix first disclosed and released a patch for CitrixBleed on Oct. 10, with additional guidance for affected customers following a week and two weeks thereafter.
Comcast fell victim to a breach through Citrix lasting from Oct. 16 to 19.
Xfinity did not explain this discrepancy in its response to an inquiry from Dark Reading.
In those three days, it seems, attackers were able to exfiltrate much of the data Xfinity has about its customers.
A disclosure filed with the Maine Attorney General's Office reveals the full extent of the damage: 35,879,455 individuals affected.
All Xfinity customers will be prompted to reset their passwords upon their next login attempts.
Some customers had already received the prompt days before Monday's disclosure.
Last month, ReliaQuest identified five active threat groups, including the LockBit ransomware gang, still picking at CitrixBleed.
He also notes a rumor that ransomware groups have passed around a Python script that automates the entire attack chain.
This Cyber News was published on www.darkreading.com. Publication date: Tue, 19 Dec 2023 23:00:06 +0000