Comcast’s subsidiary, Xfinity, has found itself entangled in a significant data breach that has affected an estimated 36 million customers. The breach stemmed from a vulnerability discovered in Citrix software, termed “CitrixBleed,” which led to unauthorized access to sensitive customer information.
The breach occurred between October 16 and 19, 2023, within Comcast’s internal systems. The intrusion came to light during a routine cybersecurity assessment on October 25, 2023, prompting swift actions from the company to address the issue and mitigate potential risks associated with the compromised data.
The accessed information includes usernames and hashed passwords, with some customers potentially having additional data compromised, such as names, contact details, partial Social Security numbers, dates of birth, and secret questions and answers. Comcast initiated notifications to affected customers on December 18, 2023, through various communication channels, urging password resets and advising users to implement two-factor or multi-factor authentication as a security measure.
As of the disclosure, Comcast asserted no knowledge of leaked customer data or direct attacks on its customers. However, a comprehensive investigation is underway to ascertain the full extent and ramifications of the breach.
To safeguard against potential risks, Xfinity customers are advised to reset their passwords immediately and opt for enhanced authentication methods. Additionally, individuals using the same passwords across multiple services are encouraged to update their credentials across platforms and adopt unique passwords for each service to bolster security.
The breach emphasizes the ongoing battle against cybersecurity threats, highlighting the importance of robust security measures and proactive responses to safeguard customer data in an increasingly digital landscape.