36 million people said goodbye to their data: how major cable provider Xfinity was hacked

A whole range of user information suddenly became the property of cybercriminals.

Cable TV and Internet service provider Xfinity (a division of Comcast Corp) reported a cyberattack on its systems that occurred in October.

On October 25, two weeks after Citrix released security updates to address a critical vulnerability dubbed Citrix Bleed and tracked as CVE-2023-4966, Xfinity detected traces of malicious activity in its network infrastructure. Hackers reportedly had access to the company's networks from October 16 to 19. At the same time, according to Mandiant, active exploitation of this vulnerability began at the end of August.

On November 16, as a result of an investigation into the incident, Xfinity revealed that attackers managed to exfiltrate information, affecting the data of 35,879,455 people. On December 6, the company concluded that the stolen information contained usernames and hashed passwords. For some clients, names, contact information, the last four digits of social security numbers, dates of birth, and security questions and answers may also have been compromised.

It is noteworthy that a year ago, the accounts of Xfinity customers were also hacked during massive credential stuffing attacks, which allowed attackers to reset passwords for other services, including the Coinbase and Gemini cryptocurrency exchanges.

Representatives of Xfinity note that the company's operating activities were not affected during the attack, and there were still no ransom demands after the incident. Apparently, the company itself does not believe that something terrible has happened, despite the impressive number of affected customers. As a precautionary measure, Xfinity recommended that users reset their account passwords and enable two-factor authentication.
 