Comcast has confirmed a significant cyberattack that exploited a critical vulnerability known as “CitrixBleed” and led to a data breach impacting nearly 36 million Xfinity customers. The breach is part of a series of high-profile cyberattacks that also targeted other major corporations, including Boeing and the Industrial and Commercial Bank of China.
CitrixBleed, a flaw in Citrix networking devices, has been exploited since late August, with patches available only in early October. Many organizations, including Comcast, did not apply these patches in time, leading to unauthorized access to sensitive data.
Between October 16 and 19, hackers infiltrated Xfinity's internal systems, with the activity going undetected until October 25. By November 16, Comcast acknowledged that customer data was likely compromised. The affected data includes customer usernames, hashed passwords, personal information such as contact details, dates of birth, partial Social Security numbers, and answers to secret questions.
Comcast's spokesperson, Joel Shadle, told news outlets, “We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers.” The company has urged customers to reset their passwords and advises the use of two-factor or multi-factor authentication.
Kiran Chinnagangannagari, CTO, CPO & co-founder of Securin, highlighted the dangers of vulnerabilities like CitrixBleed. He noted, “CVE-2023-4966, or CitrixBleed, is a vulnerability that could allow cyber bad actors to take control of an affected system.” Chinnagangannagari emphasized the rapid exploitation of such vulnerabilities by ransomware groups and the importance of Continuous Threat Exposure Management (CTEM) in mitigating risks.
David Ratner, CEO of HYAS, commented on the urgency of addressing such security challenges. He stated, “The criminals are waiting for each new zero-day to be discovered. An effective patch strategy is critical, but operational resiliency must be added at all layers.”
Comcast's filing with Maine’s attorney general revealed that the breach affected almost 35.8 million customers. The extent of the damage and whether Xfinity received a ransom demand remain unclear. Comcast has not disclosed if the incident was reported to the U.S. Securities and Exchange Commission under the new data breach reporting rules.
This incident underscores the growing threat of cyberattacks and the importance of prompt patch application and robust cybersecurity measures. The breach's impact on Comcast's operations and customer trust is yet to be fully realized.