Comcast Xfinity Breached via CitrixBleed; 35M Customers Affected

Published: 23/11/2024   Category: security




A trove of personal data belonging to millions of Americans is just the latest bullet point in a bad year for Citrix customers.



The now-infamous CitrixBleed vulnerability has claimed possibly its biggest kill yet: 35 million customers of Comcast Xfinity.
Since at least August, attackers have been exploiting CVE-2023-4966 (aka CitrixBleed), a 7.5 high-severity vulnerability affecting Citrix Systems NetScaler ADC and Gateway networking products. Even after it was brought to light in October, many organizations have struggled to comprehensively shore up their systems.
One such organization appears to be Comcast Xfinity. On Monday, the cable giant disclosed a CitrixBleed-enabled breach of its customer data, including usernames and hashed passwords, and, for some, names, contact information, last four digits of Social Security numbers, dates of birth, and security questions and answers.
Xfinity provided the following statement to Dark Reading:
We are providing notice to customers about a data security incident which exploited a vulnerability previously announced by Citrix, a software provider used by Xfinity and thousands of other companies worldwide. We promptly patched and mitigated the vulnerability. We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers. In addition, we required our customers to reset their passwords and we strongly recommend that they enable two-factor or multi-factor authentication, as many Xfinity customers already do. We take the responsibility to protect our customers very seriously and have our cybersecurity team monitoring 24x7.
Citrix first disclosed and released a patch for CitrixBleed on Oct. 10, with additional guidance for affected customers following a week and two weeks thereafter. In response, according to a notice to customers, Comcast claims that it "promptly patched and mitigated our systems."
However, the company fell victim to a breach through Citrix lasting from Oct. 16 to 19. Xfinity did not explain this discrepancy in its response to an inquiry from Dark Reading.
In those three days, it seems, attackers were able to exfiltrate much of the data Xfinity has about its customers. And a disclosure filed with the Maine Attorney General's Office reveals the full extent of the damage: 35,879,455 individuals affected.
All Xfinity customers will be prompted to reset their passwords upon their next login attempts. Some customers had already received the prompt days before Monday's disclosure.
"Even four months into its exploitation, and two months following its patch, CitrixBleed represents a significant risk for a number of reasons," says Chris Morgan, senior cyber threat intelligence analyst at ReliaQuest. Last month, ReliaQuest identified five active threat groups, including the LockBit ransomware gang, still picking at it.
"The vulnerability affects a wide scale of devices, is extremely easy to exploit — with available proof of concepts (POCs) in circulation — and can present significant opportunities for threat actors," he explains. He also notes a rumor that ransomware groups have passed around a Python script that automates the entire attack chain.
"Even if organizations have applied the necessary patch for the issue and rebooted," he continues, "session tokens can be accessed from a device's memory, which then can be used to hijack active sessions. This can effectively bypass authentication and gain unencumbered access to the appliance. This is why it is important to invalidate active and persistent session tokens upon applying the patch."
"Susceptible organizations who fail to take these steps will continue to face a significant risk from financially motivated threat actors — in addition to several other significant threats — until they take action," he says.
