Dive Brief:
- Comcast’s Xfinity broadband entertainment platform disclosed a massive data breach involving 35.9 million customers on Monday, an incident connected to the ongoing CitrixBleed vulnerability.
- Xfinity promptly patched the vulnerability in Citrix software it uses in mid-October and took additional mitigation steps, the company said in an announcement. However, during a routine cybersecurity exercise on Oct. 25, Xfinity found an anomaly in its systems and identified a breach by an unauthorized party that occurred between Oct. 16 and 19.
- After launching an investigation and contacting law enforcement, on Nov. 16 the company determined that customer data was likely stolen. On Dec. 6, Xfinity determined the compromised data included user names and hashed passwords. In some cases, names, contact information, the last four digits of Social Security numbers, dates of birth and secret questions and answers were accessed.
Dive Insight:
The breach is one of the largest incidents so far linked to the CitrixBleed buffer overflow vulnerability, which has led to major breaches worldwide at companies that use Citrix Netscaler Application Delivery Controller or Netscaler Gateway.
LockBit 3.0 and AlphV/BlackCat are among several major groups linked to CitrixBleed exploitation activity. Boeing has shared data with the FBI and Cybersecurity and Infrastructure Security Agency, which led an international effort to stem a wave of attacks.
Xfinity is not aware of any data being used for fraudulent activity and the company — a unit of Comcast — is urging customers to reset their passwords and enable two-factor or multifactor authentication, according to a spokesperson.
There is no recent filing listed on the Comcast investor relations website, nor is it clear whether the company has yet disclosed anything to the Securities and Exchange Commission.
The attack will likely raise additional questions about the effectiveness of the Citrix patch and mitigation steps.
Just a week after the patch was released, Mandiant sent out urgent warnings regarding threat activity that involved patched customers being compromised. Mandiant warned that users would need to delete active sessions, because if those prior sessions persisted, threat groups were still able to gain access to systems.
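The session-persistence problem Mandiant described, as an added illustration that is not code from the article, Xfinity or Citrix: a toy gateway session table (all names, tokens and timestamps are constructed) showing that applying the patch leaves previously issued sessions valid, and that the gap closes only when sessions that predate the fix are terminated.

```python
from __future__ import annotations
from dataclasses import dataclass, field
from datetime import datetime, timezone
from typing import Optional


@dataclass
class Session:
    user: str
    issued_at: datetime


@dataclass
class GatewaySessionStore:
    """Constructed model of a gateway's session table, not Citrix's implementation."""
    patched_at: Optional[datetime] = None
    sessions: dict = field(default_factory=dict)

    def issue(self, token: str, user: str, when: datetime) -> None:
        self.sessions[token] = Session(user, when)

    def authenticate(self, token: str) -> Optional[str]:
        # A bare token is accepted as long as it is in the table; nothing here
        # knows whether the token was issued before a vulnerability was fixed.
        s = self.sessions.get(token)
        return s.user if s else None

    def apply_patch(self, when: datetime) -> None:
        # Patching stops further disclosure but touches no existing session.
        self.patched_at = when

    def terminate_sessions_before(self, cutoff: datetime) -> int:
        # The extra step Mandiant urged: drop every session that predates the
        # fix, since any of those tokens may already have been captured.
        stale = [t for t, s in self.sessions.items() if s.issued_at < cutoff]
        for t in stale:
            del self.sessions[t]
        return len(stale)


def simulate() -> dict:
    store = GatewaySessionStore()
    utc = timezone.utc
    store.issue("tok-pre-patch", "alice", datetime(2023, 10, 1, tzinfo=utc))  # constructed
    store.apply_patch(datetime(2023, 10, 10, tzinfo=utc))                    # constructed
    store.issue("tok-post-patch", "bob", datetime(2023, 10, 12, tzinfo=utc))  # constructed
    valid_after_patch_only = store.authenticate("tok-pre-patch") == "alice"
    killed = store.terminate_sessions_before(store.patched_at)
    return {
        "pre_patch_token_valid_after_patch": valid_after_patch_only,
        "sessions_terminated": killed,
        "pre_patch_token_valid_after_termination": store.authenticate("tok-pre-patch") is not None,
        "post_patch_token_still_valid": store.authenticate("tok-post-patch") == "bob",
    }
```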
Such a breach would entangle just about all of Xfinity’s customer base; however, it is unclear whether other Comcast customers were impacted.
Mandiant declined to comment on the incident. A spokesperson for Citrix was not immediately available for comment.