Xfinity discloses data breach affecting over 35 million people


On Monday, Comcast Cable Communications, operating under the name Xfinity, said that hackers who had gained access to one of its Citrix servers in October had also taken critical customer data from its systems.

Two weeks after Citrix issued security patches to patch a serious vulnerability now identified as Citrix Bleed (CVE-2023-4966), the telecoms firm discovered indications of hostile activity on its network between October 16 and October 19. This was on October 25. The Citrix vulnerability has reportedly been regularly abused as a zero-day since at least late August 2023, according to cybersecurity firm Mandiant.

Read More…