December 18, 2023 at 07:04PM
Xfinity, the subsidiary of Comcast Cable Communications, reported a security breach in which attackers stole sensitive customer information after exploiting a Citrix server. The breach, discovered in November, resulted in the exfiltration of customer data, including usernames, hashed passwords, contact information, and partial Social Security numbers. Xfinity has proactively reset affected users’ passwords.
The key takeaways are:
1. Xfinity, operated by Comcast Cable Communications, experienced a security breach in which sensitive customer information was stolen after attackers breached one of its Citrix servers.
2. The breach occurred after Citrix released security updates to address a critical vulnerability known as Citrix Bleed (CVE-2023-4966).
3. Cybersecurity company Mandiant determined that the Citrix flaw had been actively exploited as a zero-day since at least late August 2023.
4. Xfinity discovered on November 16 that customer data, including usernames, hashed passwords, and potentially additional personal information, was exfiltrated from its systems.
5. Xfinity proactively asked users to reset their passwords to protect affected accounts, but customers reported receiving password reset requests without explanation.
6. Approximately one year ago, Xfinity customers also experienced account hacks in widespread credential stuffing attacks that bypassed two-factor authentication and led to compromised accounts being used for password resets on other services, including cryptocurrency exchanges like Coinbase and Gemini.