Citrix Says Data Sold on Dark Web Comes From Third Party

Citrix on Wednesday denied claims that its systems had been breached, saying the information being sold on the dark web actually comes from a third party and is not very sensitive.

Data breach monitoring service Under the Breach reported on Tuesday that a threat actor was offering to sell a database containing information on 2 million users. The data was allegedly obtained after breaching Citrix systems and the asking price was $20,000.

Screenshots posted by Under the Breach show that the database apparently includes names, phone numbers, email addresses, company names, and physical addresses.

In a blog post published on Wednesday, Citrix’s CISO, Fermin Serna, said the threat actor claimed to have breached the company’s network, exfiltrated data, and attempted to elevate privileges in an effort to launch a ransomware attack.

However, Serna claims that none of this is true and the data actually comes from a third party. Citrix has found no evidence that its systems have been compromised, and pointed out that hackers couldn’t have moved from the third party’s network to its own systems.

“This third party has been cooperative and responsive to our questions and direction, and has taken immediate action to isolate from the internet any Citrix related data they may have,” Serna said. “The third party is now conducting its own investigation and remediation, and is committed to keeping Citrix advised of any developments, and Citrix is ready to assist as necessary.”

Citrix’s CISO also highlighted that the impacted third party does not possess any Citrix source code or other highly sensitive intellectual property. He claims that the company only has some “low sensitivity business contact information” that does not include passwords or other credentials.

Citrix did confirm suffering some data breaches in the past. In 2016, the company admitted that one of its marketing servers was breached the previous year, but said no customer data or other sensitive corporate information was compromised.

A more serious incident was disclosed last year, when the software giant confirmed that hackers had access to its network between October 2018 and March 2019. That attack, which the FBI attributed to an international cybercrime group, resulted in the theft of various types of information, including business documents and employee personal and financial information.

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.
