Get all your news in one place.
100’s of premium titles.
One app.
Start reading
TechRadar
TechRadar
Sead Fadilpašić

Xfinity admits data breach may have affected 36 million customers

Petya nagscreen.

Xfinity is the latest in a long line of companies to fall victim to Citrix Bleed, parent company Comcast has confirmed, revealing that almost 36 million customers may have had their data stolen.

The company published a press release confirming that it had been breached and that sensitive customer data had been stolen.

"During a routine cybersecurity exercise on October 25, Xfinity discovered suspicious activity and subsequently determined that between October 16 and October 19, 2023, there was unauthorized access to its internal systems that was concluded to be a result of this vulnerability," the press release read.

Abusing a patched flaw

Further investigation confirmed that the attackers managed to steal people’s sensitive data: "After additional review of the affected systems and data, Xfinity concluded on December 6, 2023, that the customer information in scope included usernames and hashed passwords; for some customers, other information may also have been included, such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers."

The company’s customers are now required to reset their passwords, Xfinity confirmed. It also said it “strongly recommends” users enable multi-factor authentication (MFA) to secure their accounts. “While Xfinity advises customers not to re-use passwords across multiple accounts, the company is recommending that customers change passwords for other accounts for which they use the same username and password or security question,” the announcement concluded. 

In late October this year, cloud giant Citrix confirmed earlier reports that a critical vulnerability in some of its products was being exploited in the wild. 

It released a patch for the flaw, urging users to apply it immediately to ensure their safety from hackers. The vulnerability in question is tracked as CVE-2023-4966. It carries a severity score of 9.4 and affects NetScaler ADC, and NetScaler Gateway.

A proof-of-concept dubbed Citrix Bleed soon appeared on GitHub.

More from TechRadar Pro

Sign up to read this article
Read news from 100’s of titles, curated specifically for you.
Already a member? Sign in here
Related Stories
Top stories on inkl right now
One subscription that gives you access to news from hundreds of sites
Already a member? Sign in here
Our Picks
Fourteen days free
Download the app
One app. One membership.
100+ trusted global sources.