Data Breach
Xfinity (Comcast) Data Breach
35.9M records exposed • October 2023
Comcast got hacked through a bug in Citrix software. Data belonging to 36 million Xfinity customers was stolen, including security questions like "What's your mother's maiden name?"
What Happened
Comcast's Xfinity division was breached via the Citrix Bleed vulnerability, affecting nearly 36 million customers. The breach exposed security questions and answers.
Attack method: Citrix Bleed vulnerability (CVE-2023-4966)
What Data Was Exposed
Usernames, Hashed passwords, Names, Contact information, Last 4 of SSN, Dates of birth, Secret questions/answers
What to Do If You're Affected
1. Change your Xfinity password
2. Change security questions everywhere you used similar ones
3. Enable two-factor authentication
Lessons for Businesses
- Security questions are a weak authentication method
- Patch critical vulnerabilities immediately
- Citrix Bleed affected many organizations