Comcast has confirmed that hackers exploiting a critical-rated security vulnerability accessed the sensitive information of almost 36 million Xfinity customers.
This vulnerability, known as "CitrixBleed," is found in Citrix networking devices often used by big corporations and has been under mass-exploitation by hackers since late August. Citrix made patches available in early October, but many organizations did not patch in time. Hackers have used the CitrixBleed vulnerability to hack into big-name victims, including aerospace giant Boeing, the Industrial and Commercial Bank of China and international law firm Allen & Overy.
Xfinity, Comcast's cable television and internet division, became the latest CitrixBleed victim, the company confirmed in a notice to customers on Monday.
The U.S. telecom giant says that hackers exploiting the CitrixBleed vulnerability had access to its internal systems between October 16 and October 19, but that the company did not detect the "malicious activity" until October 25.
By November 16, Xfinity determined that "information was likely acquired" by the hackers, and in December, the company concluded that this included customer data, including usernames and "hashed" passwords, which are scrambled and stored in a way that makes them unreadable to humans. It's not immediately clear how the passwords were scrambled or using which algorithm, as some weaker hashing algorithms can be cracked.
The company says for an unspecified number of customers, hackers may have also accessed names, contact information, dates of birth, the last four digits of Social Security numbers and their secret questions and answers.
Comcast notes that "our data analysis is continuing, and we will provide additional notices as appropriate," suggesting additional types of data may also have been accessed.
The notice doesn't say how many Xfinity customers have been affected, and Comcast spokesperson Joel Shadle declined to say when asked by TechCrunch. In a filing with Maine's attorney general, Comcast confirmed that almost 35.8 million customers are affected by the breach. Comcast's latest earnings report shows the company has more than 32 million broadband customers, suggesting this breach has impacted most, if not all Xfinity customers.
It's not yet known whether Xfinity received a ransom demand, how the incident has impacted the company's operations or whether the incident has been filed with the U.S. Securities and Exchange Commission, as required by the regulator's new data breach reporting rules. Comcast's spokesperson would not say.
"We are not aware of any customer data being leaked anywhere, nor of any attacks on our customers," said Shadle in an email to TechCrunch.
Xfinity says it is requiring that customers reset their passwords and recommends the use of two-factor or multi-factor authentication (which the company doesn't require by default) for all customer accounts.
Updated with additional comment from Comcast.