Hackers Compromised 36 Million US Xfinity Customers' Data Via Citrix Bleed
ALPHV temporarily posts "unseizure" notice, Operation HAECHI IV busts 3,500 and seizes $300 million, Terrapin attack can undermine SSH, HCL Technologies hit by ransomware, much more
Don’t miss my latest CSO column, which runs through the top cybersecurity items contained in the 2024 NDAA passed last week.
Comcast said nearly 36 million US Xfinity accounts were compromised after hackers accessed its systems through a vulnerability in third-party cloud-computing software.
The cable giant said the compromised data includes usernames and “hashed” passwords, names, contact information, birth dates, the last four digits of users’ social security numbers, and secret questions and answers.
Comcast said the breach occurred between October 16 and October 19 and was due to a vulnerability in software made by Citrix, known as Citrix Bleed, which lets employees remotely access corporate networks and is widely used by large corporations.
Comcast said it discovered suspicious activity on its systems on October 25, more than two weeks after Citrix disclosed the software vulnerability on October 10. The affected software has now been patched, Comcas…
Keep reading with a 7-day free trial
Subscribe to Metacurity to keep reading this post and get 7 days of free access to the full post archives.