By using this site, you agree to the Privacy Policy and Terms of Use.
Accept
RebruitRebruitRebruit
  • Latest
  • Finance
  • Technology
  • Security
  • Guides
Reading: Comcast Data Breach Exposes 36 Million Xfinity Customers to CitrixBleed Exploitation
Font ResizerAa
RebruitRebruit
Font ResizerAa
Search
  • Latest
  • Finance
  • Technology
  • Security
  • Guides
Follow US
  • About
  • Our Standards
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of use
© 2025 REBRUIT | We don’t control content on external sites. Read more about how we handle external links

Home » Comcast Data Breach Exposes 36 Million Xfinity Customers to CitrixBleed Exploitation

Security

Comcast Data Breach Exposes 36 Million Xfinity Customers to CitrixBleed Exploitation

December 19, 2023
Share
3 Min Read
CitrixBleed
SHARE

Comcast has acknowledged a security breach resulting in the exposure of sensitive information belonging to almost 36 million Xfinity customers. The breach exploited a critical-rated vulnerability known as “CitrixBleed,” predominantly affecting Citrix networking devices used by major corporations.

Despite Citrix releasing patches in early October, the vulnerability remained actively exploited by hackers, impacting organizations such as Boeing, the Industrial and Commercial Bank of China, and international law firm Allen & Overy.

In a notice to customers on Monday, Comcast’s cable television and internet division, Xfinity, confirmed falling victim to the CitrixBleed exploit. The breach occurred between October 16 and October 19, with malicious activity remaining undetected until October 25.

By November 16, Xfinity determined that hackers likely acquired information, including usernames and hashed passwords, the encryption method of which is yet to be disclosed. The hashed passwords are typically stored in a way that renders them unreadable to humans, but the specific algorithm used remains unclear.

Customer data compromised in the breach includes, for an unspecified number of users, names, contact information, dates of birth, the last four digits of Social Security numbers, and secret questions and answers. Comcast is continuing data analysis, indicating the possibility of additional types of accessed data.

While the notice does not specify the number of impacted Xfinity customers, a filing with Maine’s attorney general confirms that nearly 35.8 million customers are affected. Considering Comcast’s latest earnings report, which indicates over 32 million broadband customers, it is apparent that the breach likely affected a significant portion, if not all, Xfinity customers.

Comcast has not disclosed whether a ransom demand was received, the operational impact of the incident, or whether the breach has been reported to the U.S. Securities and Exchange Commission, as required by regulatory rules. Comcast’s spokesperson, Joel Shadle, refrained from providing additional details.

Despite the breach, Comcast claims not to be aware of any customer data leaks or attacks on customers. To mitigate risks, Xfinity is mandating password resets for affected customers and recommending the implementation of two-factor or multi-factor authentication, though it is not enforced by default for all customer accounts. Ongoing data analysis will inform customers of any additional information as the situation develops.

Share This Article
Facebook Whatsapp Whatsapp Bluesky Copy Link
Leave a Comment

Leave a Reply Cancel reply

Your email address will not be published. Required fields are marked *

Recent Posts

Block
Square’s Bitcoin Payment Pilot: Bringing Crypto to Everyday Retail
Finance
METAMASK
MetaMask Embraces Solana: A New Era for Multi-Chain Wallets
Finance
Read Smarter, Not Harder
Read Smarter, Not Harder: These Apps Will Help You Read More Anywhere
Guides
Samsung-One-UI-8
15+ New Features Coming to One UI 8
Latest
samsung
Don Belle Boost Samsung Galaxy A-Series Buzz
Latest

You Might Also Like

ZKsync
Security

ZKsync Account Hack: What Happened and What It Means

May 25, 2025
M&S Cyber Attack
Security

How Hackers Broke Into M&S and Co-op: It Wasn’t a Glitch — It Was Human Error

May 6, 2025
Marks-and-Spencer-cyber-attack
Security

M&S cyberattack: Recruitment paused and supply issues reported

May 1, 2025
M&S Pause Online order
Security

M&S pauses all online orders after cyber attack

May 1, 2025
M&S Attack
Security

M&S confirms cyberattack after days of disruption

May 1, 2025
23andMe
Security

23andMe Bankruptcy Raises Serious DNA Privacy Concerns

April 21, 2025
Google Play
Security

New Google Play system update now force your phone to auto-reboot after three days

April 22, 2025
Global Cybersecurity Agencies Uncover Spyware Hidden in Android Apps
Security

Global Cybersecurity Agencies Uncover Spyware Hidden in Android Apps

April 24, 2025
Follow US
© 2025 REBRUIT | We don’t control content on external sites. Read more about how we handle external links
  • About
  • Our Standards
  • Contact
  • Privacy Policy
  • Cookie Policy
  • Terms of use
Welcome Back!

Sign in to your account

Username or Email Address
Password

Lost your password?