Almost 36 Million Comcast Xfinity Customers Data Might Have Been Stolen

Another day, another security breach. This time, it’s Comcast who is making public that around 36 million customers might be affected. Comcast is the latest in a long line of companies that have fallen victim to Citrix Bleed.

Comcast announced on its website this week that “during a routine cybersecurity exercise on October 25, Xfinity discovered suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability.”

So why did it take Comcast so long to disclose this cybersecurity issue? Well, as is the case with many other companies, Comcast wants to make sure that the vulnerability is patched instead of telling the whole world to come and hack their customer’s data by disclosing this right away. On top of that, Xfinity was finishing up its review of the affected systems and data, to really find out what information might have been stolen. Comcast says, “included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers.”

Comcast is now forcing everyone to reset their passwords. The company is also strongly recommending that everyone enable multi-factor authentication on their accounts.

What is Citrix Bleed?

Citrix Bleed is a pretty well-known vulnerability, in anything that uses Citrix, which is a cloud giant that a lot of enterprises use for their databases.

Citrix has released a patch for the flaw and has urged users to apply it immediately to ensure that their data is safe from hackers. The vulnerability that is being used here is tracked as CVE-2023-4966, and it carries a severity score of 9.4 This affects NetScaler, ADC, and NetScaler Gateway.

It’s basically a software vulnerability that enables attackers to bypass the password requirements and multifactor authentication. This would allow them to hijack legitimate user sessions and access sensitive device information.