Comcast is sending notices of a data breach to Xfinity subscribers, informing them that their sensitive information has been compromised.
Comcast Corporation is a global media and technology company primarily known for its broadband, cable TV, and telecommunications services. Xfinity is a brand of Comcast used for its consumer cable television, internet, telephone, and wireless services.
The company is notifying 35,879,455 Xfinity customers of a data breach that took place on October 16, 2023, when attackers accessed its internal systems by leveraging a vulnerability impacting Citrix NetScaler ADC/Gateway devices, dubbed ‘Citrix Bleed.’ The flaw, officially tracked as CVE-2023-4699, is a critical information disclosure problem that enables unauthenticated attackers to access secrets in unpatched appliances.
The vendor released a fix on October 10, 2023, but active exploitation by multiple threat groups has been underway since at least late August this year. Also, additional mitigation guidance was provided to impacted clients on October 23, 2023. However, by that time, it was too late for Comcast. The company explains in the notification sent to affected clients that the attackers roamed its networks between October 16 and 19, prior to them applying the mitigations and security updates.
As a result of this security incident, the following customer data has been compromised, based on the internal investigation that was concluded on December 6, 2023:
- Usernames
- Hashed passwords
- Full names
- Contact information
- Last four digits of social security numbers (SSNs)
- Dates of birth
- Secret questions and answers
The exact amount and types of data exposed varies per individual. Comcast promised to send additional notices that better reflect the personalized impact for each customer in the following weeks.
In response to the event, the firm has performed a forced password reset, so all impacted Xfinity clients will be prompted to enter a new password on their next login attempt.
People are advised to pick a long and unique password that is resistant to brute-forcing. The Xfinity platform also supports two-factor authentication (2FA) for additional protection against account hijack attempts, which users are urged to activate immediately.
Finally, if the notice recipients happen to use the same credentials on other online platforms, they are recommended to change them there, too, in order to minimize the likelihood of falling victim to credential-stuffing attacks.
This is one of the most massive data breaches recorded this year, and it’s bound to generate phishing and scamming activity from the multiple threat actors who are going to scrutinize the set for potentially valuable targets over the next couple of months. That said, exposed individuals should remain vigilant against unsolicited communications and closely monitor their bank statements and account activity.