Xfinity disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems.
On October 25, roughly two weeks after Citrix released security updates to address a critical vulnerability now known as Citrix Bleed and tracked as CVE-2023-4966, the telecommunications company found evidence of malicious activity on its network between October 16 and October 19.
Cybersecurity company Mandiant says the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
Following an investigation into the impact of the security breach, Xfinity discovered on November 16 that the attackers also exfiltrated data belonging to an undisclosed number of customers from its systems.
While Xfinity says it has asked users to reset their passwords to protect affected accounts, customers report that they had been getting password reset requests last week without any indication as to why that was happening.
An Xfinity spokesperson was not immediately available for comment when contacted by BleepingComputer earlier today.
One year ago, Xfinity customers also had their accounts hacked in widespread credential stuffing attacks bypassing two-factor authentication.
Compromised accounts were then used to reset account passwords for other services, including the Coinbase and Gemini crypto exchanges.
This Cyber News was published on www.bleepingcomputer.com. Publication date: Tue, 19 Dec 2023 00:05:21 +0000