Comcast has confirmed that hackers who exploited a critical vulnerability accessed the sensitive information of nearly 36 million Xfinity customers.
This vulnerability, known as “CitrixBleed,” was found in Citrix networking devices often used by major enterprises, and has been widely exploited by hackers since late August. Citrix made patches available in early October, but many organizations did not patch in time. Hackers used the CitrixBleed vulnerability to compromise big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.
Xfinity, Comcast’s cable TV and Internet division, has become the latest victim of CitrixBleed, the company confirmed in a notice to customers on Monday.
The US telecommunications giant said that hackers who exploited the CitrixBleed vulnerability were able to access its internal systems between October 16 and 19, but the company did not detect “malicious activity” until October 25.
By November 16, Xfinity determined that “the information was likely obtained” by hackers, and in December, the company concluded that this included customer data, including “hashed” usernames and passwords, which are scrambled and stored in a way that makes them unreadable to humans. It is not immediately clear how the passwords were hashed or what algorithm was used, as some weaker hashing algorithms can be cracked.
The company says that for an unspecified number of customers, the hackers may also have accessed names, contact information, dates of birth, last four digits of Social Security numbers, and their secret questions and answers.
Comcast notes that “analysis of our data is ongoing, and we will provide additional notifications as appropriate,” suggesting that additional types of data may also have been accessed.
The notice doesn’t say how many Xfinity customers were affected, and Comcast spokesman Joel Schadel declined to say when asked by TechCrunch. In a filing with the Maine Attorney General, Comcast confirmed that approximately 35.8 million customers were affected by the hack. Comcast’s latest earnings report shows that the company has more than 32 million broadband customers, suggesting that this breach affected most, if not all, Xfinity customers.
It is not yet known whether Xfinity received a ransom demand, how the incident affected the company’s operations, or whether the incident has been filed with the SEC, as required under the regulator’s new data breach reporting rules. A Comcast spokesman did not say.
“We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers,” Shadel said in an email to TechCrunch.
Xfinity says it requires customers to reset their passwords and recommends using two-factor or multi-factor authentication — which the company does not require by default — for all customer accounts.
Updated with additional comment from Comcast.