24 December 2023

Someday Companies Will Take Security Seriously

But it is not this day. Xfinity waited 13 days to patch critical Citrix Bleed 0-day. Now it’s paying the price

Critical vulnerability. Patch released. Exploited in the wild. Comcast couldn't be bothered to apply the patch for 13 days. I suppose they had more important things to do than safeguard their customers' data.

Comcast waited 13 days to patch its network against a high-severity vulnerability, a lapse that allowed hackers to make off with password data and other sensitive information belonging to 36 million Xfinity customers.

The breach of Comcast's data happened AFTER they could have applied the patch, but couldn't be bothered to take the time. They're busy! They have important stuff to do.

Comcast is requiring Xfinity customers to reset their passwords to protect against the possibility that attackers can crack the stolen hashes. The company is also encouraging customers to enable two-factor authentication. The representative declined to say why company admins didn't patch sooner.

Why apply the patch? It won't impact them for years to come.

Comcast is still investigating precisely what data the attackers obtained. So far, Monday’s disclosure said, information known to have been taken includes usernames and hashed passwords, names, contact information, the last four digits of social security numbers, dates of birth, and/or secret questions and answers. Xfinity is Comcast’s cable television and Internet division.

Security is just not of interest to Comcast. Those IT folks are always wanting to spend money on something.
