Hackers steal data from millions of Xfinity customers via Citrix Bleed vulnerability
Comcast’s residential cable unit, Xfinity, has been hit by a cybersecurity breach in which hackers exploiting a critical vulnerability dubbed Citrix Bleed accessed the confidential information of nearly 36 million customers.
The vulnerability affects certain Citrix networking devices that are widely used across major corporations. Citrix released patches in early October, but many companies were slow to apply them, leaving their systems exposed in the meantime.
“Citrix Bleed is dangerous because it allows malicious users to access sensitive data coupled with the fact that it affects commonly used Citrix devices in large organizations,” said Josh Amishav, the CEO of cybersecurity firm Breachsense. “This means that the vulnerability can be exploited en masse, leading to significant data breaches.”
Hackers used Citrix Bleed to get into Xfinity systems for a few days in mid-October, according to a notice put out by Comcast on Monday. The company did not detect the intrusion until about a week later. In November, its investigation showed that the hackers had probably obtained some customer information, and in December it determined that this included customer usernames and passwords. The passwords were stored in hashed (scrambled) form, but there is still a chance they could be cracked.
The company also said that for some customers, the hackers might have gotten more personal details like names, contact info, birth dates, parts of Social Security numbers, and the answers to secret security questions.
NetScaler vulnerabilities
Citrix had previously told NetScaler ADC and NetScaler Gateway customers to install updated versions of the products to prevent exploitation of the vulnerabilities. NetScaler ADC (Application Delivery Controller) and NetScaler Gateway, developed by Citrix, are tools designed to improve the performance, security, and availability of network applications and services. On October 10, Citrix disclosed vulnerabilities in these products, identified as CVE-2023-4966 and CVE-2023-4967 and described as “unauthenticated buffer-related” issues.