Comcast Xfinity accounts are being attacked in 2FA bypass attacks

News
By published

Hijacked accounts are being used to breach more services

Google 2FA security
(Image credit: Google)

Someone found a way to bypass the two-factor authentication (2FA) security measure at Comcast Xfinity and compromise countless accounts, reports have claimed. 

Following the bypass, the attackers are able to use the compromised accounts to try and take over cryptocurrency exchange accounts and cloud storage services.

On December 19 Xfinity email users started getting notified of changes to their account information, but their passwords were already changed so they couldn’t enter. Those that managed to get back into the account found that a secondary email address was added to the account, from a disposable domain yopmail.com.

Bypassing 2FA

The secondary email address is a security measure used by some email providers that help with password resets, account notifications, and similar. 

Many of the victims took to Twitter, Reddit, and Xfinity forums to discuss what had happened, and said that they had 2FA enabled. So, whoever was behind the attack, managed to guess the password with credential stuffing, and then managed to bypass the two-factor authentication security measure. BleepingComputer’s report states the attackers used a “privately circulated OTP (one-time password) bypass” which allowed them to generate working 2FA verification codes.

Read more

> Comcast publishes 200,000 'unlisted' phone numbers online

> What is 2FA and MFA?

> These are the best firewalls right now

That gave them access to the account, and adding the secondary, disposable email account, allowed them to perform the password reset process.

After gaining complete control over the compromised email accounts, the threat actors then proceeded to breach further online services, assuming people's identities to request email resets. Dropbox, Evernote, Coinbase, and Gemini, are just some of the services that the threat actors tried to breach.

Xfinity is keeping silent on the matter for the time being, but a customer said on Reddit that the firm is aware of the incident and is currently investigating. The same source also said that according to a customer support employee they spoke to, the issue seems to be quite widespread.

Via: BleepingComputer

Sead Fadilpašić

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

Read more
Smartphone with new logo X twitter app background. Application twitter old blue bird change X black and white new.
Phishing campaign targets prominent X users, accounts at risk
Best email services: image of email with one unread message alert
Over 400 million unwanted and malicious emails were received by businesses in 2024
Avast cybersecurity
Zapier tells customers their data may have been accessed
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
Representational image of a shrouded hacker.
Getting to grips with Adversary-in-the-Middle threats
Illustration of a hooked email hovering over a mobile phone
AWS misconfigurations reportedly used to launch phishing attacks
Latest in Security
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Insecure network with several red platforms connected through glowing data lines and a black hat hacker symbol
Coinbase targeted after recent Github attacks
hacker.jpeg
Key trusted Microsoft platform exploited to enable malware, experts warn
IBM office logo
IBM to provide platform for flagship cyber skills programme for girls
Latest in News
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
More about security
An abstract image of digital security.

Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft

"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
AI hallucinations

We're already trusting AI with too much – I just hope AI hallucinations disappear before it's too late
See more latest
Most Popular
Girl wearing Meta Quest 3 headset interacting with a jungle playset
Latest Meta Quest 3 software beta teases a major design overhaul and VR screen sharing – and I need these updates now
Hatch Restore 3 in Putty
You can finally start your day with The Office theme song, and I couldn't be more excited
Dell Pro Max with GB300
HP and Dell's latest Nvidia powered PCs are likely to be some of the most expensive workstations ever launched
Shape of Russia filled with Russian flag-colored internet codes on a black hacking background
A new wave of blocks in Russia targets VPN apps and Cloudflare subnets
An abstract image of digital security.
Fake file converters are stealing info, pushing ransomware, FBI warns
Microsoft
"Another pair of eyes" - Microsoft launches all-new Security Copilot Agents to give security teams the upper hand
Ncuti Gatwa as The Fifteenth Doctor in Doctor Who
Disney+ drops new trailer for Doctor Who season 2 that promises an epic adventure across time and space
Cassian Andor looking nervously over his shoulder in Andor season 2
New Andor season 2 trailer has got Star Wars fans asking the same question – and it includes an ominous call back to Rogue One's official teaser
23andMe
23andMe is bankrupt and about to sell your DNA, here's how to stop that from happening
Lock on Laptop Screen
Medusa ransomware is able to disable anti-malware tools, so be on your guard