Xfinity/Comcast hacked

Comcast waited between 6 to 9 days before patching their network after Citrix disclosed a vulnerability (CVE-2023-4966) and issued a patch on Oct 10th for the "Citrix Bleed" zero-day hack. Comcast declined to say what delayed the update to their systems.

Information known to have been taken includes usernames and hashed passwords, names, contact information, last four digits of social security numbers, dates of birth, and/or secret questions and answers belonging to ~36 million Xfinity customers.

Comcast is requiring Xfinity customers to reset their passwords to protect against the possibility that hackers will crack the stolen hashed passwords. Comcast is also encouraging customers to enable two-factor authentication.

Read more here...