Xfinity Rocked with Data Breach Impacting 36 Million Users

LLC, operating under the brand name Xfinity, has suffered a massive data breach affecting 36 million users.
Comcast-owned brand Xfinity has initiated the process of notifying its customers about a significant data breach impacting tens of millions of users.
The data breach is linked to the critical vulnerability in Citrix software.
It is worth noting that in November 2023, the cybersecurity firm Mandiant, owned by Google, released its findings, issuing a warning to companies about the active exploitation of the Citrix vulnerability.
The report indicated that not one, but four uncategorized threat actor groups were involved in the exploitation.
The telecommunication giant, which offers a wide range of services including internet, TV, and phone, stated in the notice sent on Monday that hackers exploited a software vulnerability to access its customers' personal information.
Xfinity discovered the suspicious activity on October 25, and by December 6 it determined that compromised data may include usernames, hashed passwords, last four digits of Social Security numbers, account security questions, birthdates, and contact information.
According to a breach notification filed with the Maine Attorney General, the breach affected around 35.9 million user accounts, representing a significant portion of its overall user base, which comprises 32 million broadband users.
Cloud computing firm Citrix discovered a vulnerability dubbed Citrix Bleed in early October, which affected products used by companies like Xfinity.
The report revealed that four uncategorized threat actor groups were involved in exploiting the vulnerability.
This vulnerability affects NetScaler ADC and Gateway appliances, allowing them to manipulate user sessions without requiring authentication measures.
The same vulnerability was previously linked to hacks targeting the Industrial and Commercial Bank of China's New York branch and a Boeing subsidiary.
Xfinity patched the vulnerability, but unauthorized access to its internal systems led to data compromise by mid-November.
In its official statement, Xfinity's spokesperson stated that there is no evidence of customers' data being leaked or targeted attacks.
All Xfinity customers are urged to reset their passwords and are advised to use two-factor authentication for added security.
In a comment to Hackread.com, Immersive Labs' Director of Cyber Threat Research Kev Breen warned companies to timely patch security vulnerabilities as threat actors are quick to exploit them.
Breen also argued the culture of non-existing cybersecurity and vulnerability disclosure-related transparency, despite the US government's strict and recent policies holding software companies liable for data breaches.
In November 2015, the company discovered that 200,000 user login credentials, including email addresses and passwords, were leaked and being sold on the dark web.
The company attributed the incident to customers falling victim to malware and phishing attacks.
As for the latest data breach, Comcast, under new Securities and Exchange Commission rules, must disclose cybersecurity breaches affecting their bottom line within four days but has not yet filed such a report, according to The Associated Press.


This Cyber News was published on www.hackread.com. Publication date: Wed, 20 Dec 2023 11:43:05 +0000


Cyber News related to Xfinity Rocked with Data Breach Impacting 36 Million Users

Xfinity Rocked with Data Breach Impacting 36 Million Users - LLC, operating under the brand name Xfinity, has suffered a massive data breach affecting 36 million users. Comcast-owned brand Xfinity has initiated the process of notifying its customers about a significant data breach impacting tens of millions of ...
1 year ago Hackread.com
Comcast Xfinity Reports Data Breach Exposing Info About 35M Customers - PRESS RELEASE. MARLTON, N.J., Dec. 19, 2023 /PRNewswire/ - Approximately 35 million consumers are being notified that their confidential information was compromised due to a vulnerability in software created by Citrix and used by Xfinity. The data ...
1 year ago Darkreading.com
Tech Security Year in Review - In this Tech Security Year in Review for 2023, let's look into the top data breaches of the past year. Each factor contributes to the growing threatscape, demanding a proactive and adaptable cybersecurity approach to safeguard your organization ...
11 months ago Securityboulevard.com
Comcast's Xfinity Breached: Data of 36 Million Users Exposed - Citrix bugs caused a lot of problems throughout the year, and as we're closing down 2023, it seems it's not over. This time, Xfinity, Comcast's cable television and internet division has been the victim of a data breach caused by the Citrix bug. ...
11 months ago Heimdalsecurity.com
How to perform a proof of concept for automated discovery using Amazon Macie | AWS Security Blog - After reviewing the managed data identifiers provided by Macie and creating the custom data identifiers needed for your POC, it’s time to stage data sets that will help demonstrate the capabilities of these identifiers and better understand how ...
2 months ago Aws.amazon.com
Welltok data breach exposes data of 8.5 million US patients - Healthcare SaaS provider Welltok is warning that a data breach exposed the personal data of nearly 8.5 million patients in the U.S. after a file transfer program used by the company was hacked in a data theft attack. Welltok works with health service ...
1 year ago Bleepingcomputer.com
Data Breach Response: A Step-by-Step Guide - In today's interconnected world, organizations must be prepared to respond swiftly and effectively in the face of a data breach. To navigate these challenges, a well-defined and comprehensive data breach response plan is essential. Let's explore the ...
10 months ago Securityzap.com
Xfinity discloses data breach after recent Citrix server hack - Doing business as Xfinity, disclosed on Monday that attackers who breached one of its Citrix servers in October also stole customer-sensitive information from its systems. On October 25, roughly two weeks after Citrix released security updates to ...
1 year ago Bleepingcomputer.com
Comcast-Owned Telcom Business 'Xfinity' Suffers Data Breach - Comcast-owned Xfinity has suffered a major data breach, affecting more than 25 million of its customers. This intrusion not only demonstrates a risky and expanding practice among hackers, but it has also greatly increased the vulnerability of ...
11 months ago Cysecurity.news
Xfinity Data Breach Impacts 36 Million Individuals - The data breach disclosed recently by Comcast's Xfinity impacts nearly 36 million individuals, the company told US authorities. The incident was disclosed by the telecommunications and smart home solutions provider on December 18, when it admitted ...
1 year ago Securityweek.com
Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected - The now-infamous CitrixBleed vulnerability has claimed possibly its biggest kill yet: 35 million customers of Comcast Xfinity. Since at least August, attackers have been exploiting CVE-2023-4966, a 7.5 high-severity vulnerability affecting Citrix ...
1 year ago Darkreading.com
36 million people affected by data breach at Xfinity - Cable TV and internet service provider Xfinity says a breach linked to a widespread vulnerability in Citrix technology exposed data of about nearly 36 million people in mid-October. The intrusion happened between October 16-19, after Citrix had ...
1 year ago Therecord.media
Mint Mobile discloses new data breach exposing customer data - Mint Mobile has disclosed a new data breach that exposed the personal information of its customers, including data that can be used to perform SIM swap attacks. Mint is a mobile virtual network operator owned by T-Mobile, offering budget, pre-paid ...
11 months ago Bleepingcomputer.com
FCC orders telecom carriers to report PII data breaches within 30 days - Starting March 13th, telecommunications companies must report data breaches impacting customers' personally identifiable information within 30 days, as required by FCC's updated data breach reporting requirements. FCC's final rule follows several ...
10 months ago Bleepingcomputer.com
WebTPA data breach impacts 2.4 million insurance policyholders - The WebTPA Employer Services data breach disclosed earlier this month is impacting close to 2.5 million individuals, the U.S. Department of Health and Human Services notes. Some of the impacted people are customers at large insurance companies such ...
7 months ago Bleepingcomputer.com
Delta Dental says data breach exposed info of 7 million people - Delta Dental of California is warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental is a dental insurance provider that covers 85 million people ...
1 year ago Bleepingcomputer.com
Auto parts giant AutoZone warns of MOVEit data breach - AutoZone is warning tens of thousands of its customers that it suffered a data breach as part of the Clop MOVEit file transfer attacks. AutoZone is the leading retailer and distributor of automotive spare parts and accessories in the U.S., operating ...
1 year ago Bleepingcomputer.com
Delta Dental of California data breach exposed info of 7 million people - Delta Dental of California and its affiliates are warning almost seven million patients that they suffered a data breach after personal data was exposed in a MOVEit Transfer software breach. Delta Dental of California is a dental insurance provider ...
1 year ago Bleepingcomputer.com
Ticketmaster confirms data breach impacting 560 million customers - MUST READ. Ticketmaster confirms data breach impacting 560 million customers. ABN Amro discloses data breach following an attack on a third-party provider. Christie disclosed a data breach after a RansomHub attack. OmniVision disclosed a data breach ...
6 months ago Securityaffairs.com
FTC orders Blackbaud to boost security after massive data breach - Blackbaud has settled with the Federal Trade Commission after being charged with poor security and reckless data retention practices, leading to a May 2020 ransomware attack and a data breach affecting millions of people. Blackbaud is a U.S.-based ...
10 months ago Bleepingcomputer.com
Welltok Data Breach: 8.5M US Patients' Information Exposed - In a recent cybersecurity incident, Welltok, a leading healthcare Software as a Service provider, reported unauthorized access to its MOVEit Transfer server, affecting the personal information of approximately 8.5 million patients in the United ...
1 year ago Securityboulevard.com
Data breaches at Viamedis and Almerys impact 33 million in France - Data breaches at two French healthcare payment service providers, Viamedis and Almerys, have now been determined to impact over 33 million people in the country. Viamedis and Almerys provide healthcare and insurance services in France with ...
10 months ago Bleepingcomputer.com
Xfinity Discloses Data Breach Impacting Nearly 36 Million - Comcast Cable's Xfinity brand has revealed a major data breach impacting 35.9 million customers, that resulted from exploitation of a Citrix vulnerability. Reports suggested that the vulnerability had been exploited in the wild as far back as August ...
1 year ago Infosecurity-magazine.com
Goto Customers Backup Data Breach: Protect Your Business and Handle Data Breach Risks - A data breach at Goto customers exposed their backup data to malicious actors, leading to a data breach that impacted those customers. Businesses need to be aware of the risks associated with data breaches and how to protect their organisations from ...
1 year ago Securityaffairs.com
Week in review: Terrapin SSH attack, Mr. Cooper breach - Creating a formula for effective vulnerability prioritizationIn this Help Net Security interview, Michael Gorelik, CTO and Head of Malware Research at Morphisec, provides insights into the business impact of vulnerabilities. EMBA: Open-source ...
11 months ago Helpnetsecurity.com

Latest Cyber News


Cyber Trends (last 7 days)


Trending Cyber News (last 7 days)