
Citrix Vulnerability Exploitation Results in Comcast Xfinity Data Breach


Written by: Shipra Sanganeria, Cybersecurity & Tech Writer

Fact-checked by: Justyn Newman, Head Content Manager

In a recent disclosure, Comcast Cable’s Xfinity brand revealed that the October 2023 Citrix-related security incident compromised sensitive information of nearly 36 million customers.

The telecommunications company revealed that despite patching the security flaw announced by Citrix on October 10, hackers managed to exploit the Citrix vulnerability to access Xfinity’s network.

Comcast, in a notification to the Office of the Maine Attorney General, revealed that additional mitigation measures were issued by Citrix on October 23, which were promptly adopted by Xfinity.

“However, we subsequently discovered that prior to mitigation, between October 16 and October 19, 2023, there was unauthorized access to some of our internal systems that we concluded was a result of this vulnerability,” the notification stated.

In addition to launching an investigation, the company notified the concerned federal authorities about the nature and scope of the incident. Its investigation on November 16 revealed that information from its network had been compromised.

“On December 6, 2023, we concluded that the information included usernames and hashed passwords. For some customers, other information was also included such as names, contact information, last four digits of social security numbers, dates of birth and/or secret questions and answers. However, our data analysis is continuing, and we will provide additional notices as appropriate.”

To protect its customers, the firm has advised them to reset their passwords and enroll in two-factor authentication (2FA). It further asked them “not to re-use passwords across multiple accounts, if you do use the same information elsewhere, we recommend that you change the information on those other accounts, as well.”

The critical security vulnerability, tracked as CVE-2023-4966 and known as “CitrixBleed,” had been exploited in the wild by hackers since late August 2023. Found in NetScaler ADC and NetScaler Gateway devices, this flaw allows unauthorized actors to bypass security and hijack sessions.
