By REBECCA RUTHERFORD
For the Los Alamos Daily Post
Data breaches happen…a lot.
How many data breaches do you think there were in the US in 2023?
- A. 12
- B. 1,000,000
- C. 267,000
- D. 2,116
The answer is D. 2,116.
So approximately 6 breaches a day, just in the US.
The total number of victims in the US was about 234 million.
In a notice released in December, Xfinity said “there was unauthorized access” to its systems from Oct. 16 to Oct. 19, 2023.
How did this happen? The same way many data breaches happen…vulnerabilities.
In this case, there was a vulnerability in Citrix network appliances used by businesses all over the world, called “Citrix Bleed”. Because you can’t have a vulnerability without a catchy name, c’mon people!
The flaw, otherwise known as CVE-2023-4966, impacts Citrix NetScaler web application delivery controller and NetScaler Gateway appliances. Federal officials and partners turned a spotlight on the vulnerability and issued a joint advisory, giving advice and details, including indicators of compromise; observed tactics, techniques and procedures; and detection methods. This notice had been issued Oct. 10, in theory giving companies time to patch, though security research companies had been seeing it exploited in the wild since August 2023.
What data was breached? According to Xfinity, “some customers” may have had their names, contact information, the last four digits of their social security numbers, dates of birth, and/or secret questions and answers exposed, as well as usernames and hashed passwords. Xfinity has notified federal law enforcement about the incident and says the “data analysis is continuing.”
What is a hashed password? Password hashing turns your password (or any other data) into a short string of letters and/or numbers using a one-way hashing algorithm. This certainly offers protections, but it depends on the strength of the algorithm used. There are many ways to crack a hashed password, especially given today’s epic compute power.
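To make the point about algorithm strength concrete, here is an added example (not from Xfinity or any advisory) comparing a fast, unsalted hash with a salted, deliberately slow one. The function names, the sample password, and the iteration count are assumptions chosen for illustration.

```python
import hashlib
import hmac
import os
import time

ITERATIONS = 600_000  # assumed work factor for this example; tune for your hardware

def weak_hash(password):
    """Fast, unsalted digest: the same password always yields the same hash."""
    return hashlib.sha256(password.encode("utf-8")).hexdigest()

def strong_hash(password, salt=None):
    """Salted, deliberately slow PBKDF2-HMAC-SHA256. Returns (salt, digest)."""
    if salt is None:
        salt = os.urandom(16)  # unique random salt per account
    digest = hashlib.pbkdf2_hmac("sha256", password.encode("utf-8"), salt, ITERATIONS)
    return salt, digest

def verify(password, salt, expected):
    """Recompute with the stored salt and compare in constant time."""
    _, digest = strong_hash(password, salt)
    return hmac.compare_digest(digest, expected)

def cost_per_guess(fn, rounds):
    """Average seconds one hash computation (one password guess) costs."""
    start = time.perf_counter()
    for _ in range(rounds):
        fn("constructed-sample-password")
    return (time.perf_counter() - start) / rounds

if __name__ == "__main__":
    # Constructed sample: two accounts that happen to share a password.
    pw = "Summer2023!"
    print("weak, user A :", weak_hash(pw))
    print("weak, user B :", weak_hash(pw))   # identical, so reuse shows in a dump
    salt_a, hash_a = strong_hash(pw)
    salt_b, hash_b = strong_hash(pw)
    print("strong, A    :", hash_a.hex())
    print("strong, B    :", hash_b.hex())     # differs because the salts differ
    print("verify ok    :", verify(pw, salt_a, hash_a))
    fast = cost_per_guess(weak_hash, 1000)
    slow = cost_per_guess(strong_hash, 2)
    print(f"one guess costs ~{slow / fast:,.0f}x more against the slow hash")
```

A breach notice rarely says which kind of hashing was in use, which is one reason to change the password regardless.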
Xfinity has asked customers to change their passwords. If you were using your Xfinity password for other sites, you need to change those passwords as well. It is trivial for an adversary to search the internet for email/username and password combos and gain access to any accounts where you used the same password. They can automate the process to check if the login combo exists.
I highly recommend that, if you have not already, you enable two-factor authentication on your Xfinity account, and any other accounts you wish to protect from compromise. Generally this can be done in account settings, using a hardware key, phone number, or authentication app. Doing this one simple thing can save you a lot of grief. And of course, never give out the authentication codes to any third party.
What does this mean for you? If you are one of the breached customers, it can leave you open to scams. I’ve heard reports from locals that they have gotten calls from “Xfinity” attempting to get banking and other account information, and that the callers did have information on the customers that made it seem convincing. Something felt off and they did not fall for the scam. Be alert to any calls from “Xfinity” requesting any information: politely decline, note the caller number, and call Xfinity directly at any publicly available contact number to report the interaction and verify legitimacy. The breach can also leave you open to a wide range of other scams using your stolen data.
Be aware of this data breach, and monitor your accounts for any odd activity. Reset your Xfinity password, and make sure two-factor authentication is enabled. If you used the same password from your Xfinity account anywhere else, make sure you change it. Be aware that this breach makes you a target for a range of scams, from phone calls and texts to phishing emails. Stay safe online, and lock down your accounts!
