Data Breaches

Xfinity Data Breach Impacts 36 Million Individuals

The recently disclosed Xfinity data breach, which involved exploitation of the CitrixBleed vulnerability, impacts 36 million individuals

Published

Xfinity data breach

The data breach disclosed recently by Comcast’s Xfinity impacts nearly 36 million individuals, the company told US authorities.

The incident was disclosed by the telecommunications and smart home solutions provider on December 18, when it admitted that hackers gained access to customer usernames and hashed passwords, as well as names, dates of birth, contact information, secret questions and answers, and the last four digits of social security numbers in some cases. 

While the company’s press release and customer notice does not include information on the number of affected individuals, Xfinity told the Maine Attorney General’s Office that the data breach impacts 35,879,455 people.

Comcast recently reported having roughly 32 million customers, which suggests that the data breach could affect all Xfinity customers and possibly employees as well. 

SecurityWeek has reached out to Comcast for clarifications and will update this article if the company responds. 

The attack on Xfinity involved exploitation of a Citrix Netscaler ADC and Gateway vulnerability named CitrixBleed and tracked as CVE-2023-4966. This critical vulnerability can allow hackers to hijack existing sessions and gain access to the targeted organization’s systems. 

Citrix announced the availability of patches on October 10, but the vulnerability had been exploited as a zero-day since at least August. Mass exploitation of CitrixBleed started a few weeks after the fixes were released. 

Xfinity said it “promptly” installed the patches, but discovered on October 25 that malicious actors had exploited CitrixBleed to gain access to its systems between October 16 and 19. 

Advertisement. Scroll to continue reading.

The company has required customers to change their passwords following the discovery of the intrusion. 

CitrixBleed is believed to have been exploited in attacks against many high-profile organizations, including Toyota.

Related: Exploitation of Critical ownCloud Vulnerability Begins

Related: Citrix, Gov Agencies Issue Fresh Warnings on CitrixBleed Vulnerability

Related: Ransomware Group Leaks Files Allegedly Stolen From Boeing

In this article:,

Related Content

Nissan ransomware data breach

Data Breaches

Nissan Data Breach Impacts 53,000 Employees

Nissan North America determined recently that a ransomware attack launched last year resulted in employee personal information compromise.

2 days ago

Data Breaches

Personal Information Stolen in City of Wichita Ransomware Attack

The City of Wichita says files containing personal information were exfiltrated in a recent ransomware attack.

2 days ago

Data Breaches

Santander Data Breach Impacts Customers, Employees

The Spanish bank Santander said customers in Chile, Spain and Uruguay are affected by a data breach at a third-party provider.

3 days ago

Data Breaches

900k Impacted by Data Breach at Mississippi Healthcare Provider

Singing River Health System says the personal information of roughly 900,000 individuals was stolen in an August 2023 ransomware attack.

3 days ago

Data Breaches

Student, Personnel Information Stolen in City of Helsinki Cyberattack

The City of Helsinki says usernames, email addresses, and personal information was stolen in a recent cyberattack.

4 days ago

Data Breaches

Zscaler Confirms Only Isolated Test Server Was Hacked

Zscaler has completed its investigation into the recent hacking claims and found that only an isolated test environment was compromised.

4 days ago

Data Breaches

Europol Investigating Breach After Hacker Offers to Sell Classified Data

Europol is investigating a data breach, but says no core systems are impacted and no operational data has been compromised.

5 days ago

Data Breaches

FBCS Collection Agency Data Breach Impacts 2.7 Million

Financial Business and Consumer Solutions (FBCS) says the personal information of 2.7 million was impacted in the recent data breach.

5 days ago

Copyright © 2024 SecurityWeek ®, a Wired Business Media Publication. All Rights Reserved.

Exit mobile version