Xfinity Discloses Data Breach Impacting Over 35 Million Users
In a recent revelation, Comcast Cable Communications, operating as Xfinity, disclosed a significant data breach affecting more than 35 million individuals. The breach, stemming from attackers exploiting a Citrix server vulnerability, has raised concerns about the security of sensitive customer information.
Timeline of Events
October 16-19, 2023: Evidence of malicious activity is discovered on Xfinity’s network, just weeks after Citrix released security updates for a critical vulnerability known as Citrix Bleed (CVE-2023-4966).
Late August 2023: Cybersecurity company Mandiant reveals that the Citrix flaw had been actively exploited as a zero-day vulnerability.
November 16, 2023: Xfinity confirms that data exfiltration occurred as a result of the breach, impacting 35,879,455 individuals.
December 6, 2023: Xfinity determines that compromised customer information includes usernames and hashed passwords. Further analysis is ongoing, with the possibility of additional data exposure.
Nature of Compromised Information
The breached data includes usernames and hashed passwords for all affected users. For some individuals, additional sensitive information such as names, contact details, last four digits of social security numbers, dates of birth, and secret questions and answers may have been exposed. Xfinity reassures users that a comprehensive analysis of the compromised data is underway.
User Response and Password Resets
Xfinity has proactively initiated password resets for affected accounts, urging users to enhance their security. However, some customers reported receiving password reset requests without clear explanations. The company, in a data breach notice, emphasizes the importance of resetting passwords during the login process.
Historical Context
This incident follows a similar security breach a year ago, where Xfinity customers experienced widespread credential stuffing attacks. These attacks, bypassing two-factor authentication, compromised accounts and led to unauthorized password resets for various services, including popular crypto exchanges like Coinbase and Gemini.