LLC, operating under the brand name Xfinity, has suffered a massive data breach affecting 36 million users.
Comcast-owned brand Xfinity has initiated the process of notifying its customers about a significant data breach impacting tens of millions of users.
The data breach is linked to a critical vulnerability in Citrix software.
It is worth noting that in November 2023, the cybersecurity firm Mandiant, owned by Google, released its findings, issuing a warning to companies about the active exploitation of the Citrix vulnerability.
The report indicated that not one, but four uncategorized threat actor groups were involved in the exploitation.
The telecommunications giant, which offers a wide range of services including internet, TV, and phone, stated in the notice sent on Monday that hackers exploited a software vulnerability to access its customers' personal information.
Xfinity discovered the suspicious activity on October 25, and by December 6 it determined that compromised data may include usernames, hashed passwords, last four digits of Social Security numbers, account security questions, birthdates, and contact information.
According to a breach notification filed with the Maine Attorney General, the breach affected around 35.9 million user accounts, representing a significant portion of its overall user base, which comprises 32 million broadband users.
Cloud computing firm Citrix discovered a vulnerability dubbed Citrix Bleed in early October, which affected products used by companies like Xfinity.
This vulnerability affects NetScaler ADC and Gateway appliances, allowing attackers to manipulate user sessions without authentication.
The same vulnerability was previously linked to hacks targeting the Industrial and Commercial Bank of China's New York branch and a Boeing subsidiary.
Xfinity patched the vulnerability, but unauthorized access to its internal systems led to data compromise by mid-November.
In its official statement, Xfinity's spokesperson stated that there is no evidence of customers' data being leaked or targeted attacks.
All Xfinity customers are urged to reset their passwords and are advised to use two-factor authentication for added security.
In a comment to Hackread.com, Immersive Labs' Director of Cyber Threat Research Kev Breen warned companies to patch security vulnerabilities promptly, as threat actors are quick to exploit them.
Breen also pointed to a culture lacking transparency around cybersecurity and vulnerability disclosure, despite the US government's strict and recent policies holding software companies liable for data breaches.
In November 2015, the company discovered that 200,000 user login credentials, including email addresses and passwords, were leaked and being sold on the dark web.
The company attributed the incident to customers falling victim to malware and phishing attacks.
As for the latest data breach, under new Securities and Exchange Commission rules Comcast must disclose cybersecurity breaches affecting its bottom line within four days, but it has not yet filed such a report, according to The Associated Press.
This Cyber News was published on www.hackread.com. Publication date: Wed, 20 Dec 2023 11:43:05 +0000