Xfinity is reaching out to its customers to inform them about a data security incident that unfolded in October 2023. The Citrix vulnerability notice, initiated today, shares details into the incident and the type of data compromised.
The Xfinity data security incident originated with a vulnerability in software utilized by Xfinity, among numerous other global companies. Citrix, a prominent cloud computing and virtualization technology provider, identified the vulnerability on October 10, 2023, and promptly released a security patch.
Additional mitigation guidance followed on October 23, 2023. Acting swiftly, Xfinity applied the necessary security patch and mitigated the Citrix vulnerability within its systems.
Understanding Xfinity Data Security Incident and Citrix Vulnerability
Despite these proactive measures, a routine cybersecurity exercise on October 25 revealed suspicious activity within Xfinity’s internal systems. Subsequent investigation determined that between October 16 and October 19, 2023, unauthorized access occurred as a consequence of the Citrix vulnerability.
Xfinity, promptly notified federal law enforcement and initiated an investigation to understand the nature and scope of the incident.
On November 16, 2023, it was confirmed that some information had been likely acquired. A thorough review conducted on December 6, 2023, revealed that the compromised customer information included usernames and hashed passwords.
For certain customers, additional details such as names, contact information, last four digits of social security numbers, dates of birth, and/or secret questions and answers may have been included.
Mitigation over Xfinity Data Security Incident and Citrix vulnerability
To safeguard affected accounts, Xfinity has enforced password resets for its customers. Additionally, the company strongly recommends the adoption of two-factor or multi-factor authentication to enhance the security of Xfinity accounts.
Acknowledging the potential risk of password reuse across multiple accounts, Xfinity advises customers to change passwords for any other accounts utilizing the same login credentials or security questions.
Customers seeking clarification or assistance can contact Xfinity’s dedicated call center at 888-799-2560, which operates 24 hours a day, seven days a week. Further details are available on the Xfinity website at www.xfinity.com/dataincident.
Xfinity reassures its customers of its commitment to data protection and security. Despite this incident, the company remains dedicated to ongoing investments in technology, protocols, and expertise to safeguard its customers from potential cybersecurity threats.
Xfinity understands the trust customers place in the company to protect their information and emphasizes its serious commitment to maintaining a secure and resilient data environment.
Media Disclaimer: This report is based on internal and external research obtained through various means. The information provided is for reference purposes only, and users bear full responsibility for their reliance on it. The Cyber Express assumes no liability for the accuracy or consequences of using this information.