Comcast has alerted millions of Xfinity customers that a recent security breach may have compromised their passwords and portions of their social security numbers. The breach is linked to a known vulnerability, dubbed “CitrixBleed,” that has affected major companies including Boeing and Toyota.
The Maine Attorney General’s website revealed that 35.8 million customer IDs were impacted. That figure is not to be confused with individual customers: Comcast has 31.7 million domestic residential customer relationships, as per the third-quarter earnings report.
To safeguard affected accounts, Comcast has mandated password resets and strongly advised customers to enable two-factor or multi-factor authentication. Customers are also encouraged to change passwords for other accounts sharing the same login credentials.
The breach, discovered during a routine cybersecurity exercise, exploited a vulnerability in the Citrix NetScaler ADC and NetScaler Gateway appliances that Xfinity uses. Unauthorized access occurred between October 16 and 19, according to the company’s notice.
Despite the breach, a Comcast spokesperson said that there is no evidence of leaked customer data or attacks on customers. Mitigation guidance was issued by Citrix on October 23, and Comcast promptly patched and mitigated the Citrix vulnerability.
Comcast has informed federal law enforcement and initiated an investigation. According to a Mandiant analysis, the CitrixBleed vulnerability enables attackers to hijack legitimate user sessions on NetScaler ADC and Gateway appliances for network reconnaissance and credential theft.
Mandiant suspects a wider impact across various sectors globally due to Citrix’s widespread adoption in enterprises. Comcast, after further reviewing affected systems, disclosed that the information acquired during the incident might also include customer names, contact details, dates of birth, and secret questions and answers. The data analysis is ongoing, according to the company’s notice.