Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price

A Comcast Xfinity service van in San Ramon, California on February 25, 2020. Getty Images | Smith Collection/Gado

Comcast waited 13 days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to 36 million Xfinity customers.

The breach, which was carried out by exploiting a vulnerability in network hardware sold by Citrix, gave hackers access to usernames and cryptographically hashed passwords for 35.9 million Xfinity customers, the cable TV and Internet provider said in a notification filed Monday with the Maine attorney

→ Continue reading at Ars Technica
