December 19, 2023 at 03:47PM
Millions of Comcast Xfinity customers’ personal data was likely stolen by exploiting Citrix Bleed in October. The breach was discovered during a cybersecurity exercise on October 25, and 35.9 million people were affected. Stolen data includes usernames, hashed passwords, contact details, and secret security questions and answers. Xfinity is urging customers to reset passwords and enable multi-factor authentication.
Key points:
1. In October, Comcast Xfinity fell victim to the Citrix Bleed critical information disclosure bug, leading to unauthorized access to its internal systems.
2. 35.9 million people, potentially all of Xfinity’s customers, were affected, with stolen data including usernames, hashed passwords, contact information, last four digits of social security numbers, dates of birth, and/or secret questions and answers.
3. Xfinity promptly patched and mitigated the Citrix vulnerability but discovered suspicious activity during a cybersecurity exercise, leading to the notification of federal law enforcement.
4. Customers are being required to reset their passwords and enable two- or multi-factor authentication, and are being advised not to reuse passwords across multiple accounts.