Comcast confirmed that a data breach has affected close to 36 million Xfinity customers. Based on the company’s reported number of subscribers, this means practically all Xfinity customers have been placed at risk.
TechCrunch reports that Comcast, the U.S. telecom giant, has recently disclosed a massive data breach impacting its Xfinity division. Nearly 36 million customers have had their sensitive information compromised after hackers exploited a critical-rated security vulnerability, known as “CitrixBleed,” in Citrix networking devices. The vulnerability affects devices widely used by large corporations and has been a target for hackers since late August.
The breach occurred when attackers accessed Comcast’s internal systems between October 16 and 19, 2023. However, the company did not detect this malicious activity until October 25. By November 16, it was determined that customer data was likely acquired, and in December, Comcast concluded that the breach included customer usernames and hashed passwords, along with other sensitive data such as contact information, dates of birth, Social Security numbers, and security questions and answers.
Citrix released patches for the flaw in early October, but many organizations, including Comcast, did not implement these in time, leading to the breach. The compromised data poses significant risks, including identity theft and fraud, given the nature of the information accessed.
Comcast has not disclosed the exact number of affected customers but confirmed in a filing with Maine’s attorney general that almost 35.8 million customers are impacted. The company’s latest earnings report indicates over 32 million broadband customers, suggesting a vast majority, if not all, of Xfinity customers are affected.