Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Gandalf_The_Grey

Gandalf_The_Grey

Level 83
Thread author
Verified
Honorary Member
Top Poster
Content Creator
Well-known
Apr 24, 2016
7,260
Content source
https://www.bleepingcomputer.com/news/security/comcast-xfinity-accounts-hacked-in-widespread-2fa-bypass-attacks/
Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.

Starting on December 19th, many Xfinity email users began receiving notifications that their account information had been changed. However, when attempting to access the accounts, they could not log in as the passwords had been changed.

After regaining access to the accounts, they discovered they had been hacked and a secondary email at the disposable @yopmail.com domain was added to their profile.

Similar to Gmail, Xfinity allows customers to configure a secondary email address to be used for account notifications and password resets in the event they lose access to their Xfinity account.
Click to expand...
A researcher has told BleepingComputer that the attacks are being conducted through credential stuffing attacks to determine the login credentials for Xfinity attacks.

Once they gain access to the account and are prompted to enter their 2FA code, the attackers allegedly use a privately circulated OTP bypass for the Xfinity site that allows them to forge successful 2FA verification requests.

Once logged into the account, they can change the secondary email to the @yopmail.com account and perform password resets.

The main Xfinity email will also receive a notification that their information was changed, but as the password has been changed as well, will be unable to access it.
Click to expand...
BleepingComputer reached out to Comcast press contacts several times this week but has yet to receive a reply to our emails.

However, an Xfinity customer posted on Reddit that the company is aware of the account breaches and looking for the source of the hacks.

"I spoke to a second person in the xfinity security department that told me not to worry about the fraudulent yopmail account on my xfinity account and indicated that this had happened with many (maybe all) xfinity accounts," a user posted to Reddit about the hacks.

"She indicated that xfinity is still working to find the source of the hack. Apparently this this is a much more widespread issue than is being reported. It does not seem that xfinity e-mail is secure at this time."
Click to expand...
www.bleepingcomputer.com

Comcast Xfinity accounts hacked in widespread 2FA bypass attacks

Comcast Xfinity customers report their accounts being hacked in widespread attacks that bypass two-factor authentication. These compromised accounts are then used to reset passwords for other services, such as the Coinbase and Gemini crypto exchanges.
www.bleepingcomputer.com www.bleepingcomputer.com
 
  • Like
  • Wow
  • +Reputation
Reactions: [correlate], oldschool and harlan4096
Andrezj

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
Gandalf_The_Grey said:
credential stuffing attacks
Click to expand...
"
Credential stuffing is a type of brute-force attack that relies on automated tools to test large volumes of stolen usernames and passwords across multiple sites until one works. Credential stuffing preys upon two things:

  1. Many organizations still allow customers and employees to use password-only logins (without MFA).
  2. Users are so overwhelmed by the number of logins they have (upwards of 200 on average) that they resort to reusing passwords across multiple accounts.
"
 
  • Like
Reactions: [correlate]
Andrezj

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
blackice said:
Credential stuffing - use a unique password for each account. Easy peasy.

@Andrezj already covered.
Click to expand...
perhaps for you, but you are security minded, the vast majority of people out in userland are not, and from this the never ending lesson is that security software alone cannot protect them
when it comes to digital security, user behavior is a much greater determinant to safety than any other factor
 
  • Like
Reactions: [correlate] and oldschool
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Andrezj said:
perhaps for you, but you are security minded, the vast majority of people out in userland are not, and from this the never ending lesson is that security software alone cannot protect them
when it comes to digital security, user behavior is a much greater determinant to safety than any other factor
Click to expand...
But credential stuffing isn’t a failing of Comcast. Articles like this scare people because they think they are helpless against hackers. The 2FA bypass is a MAJOR failing, but still not a viable hack without credential stuffing.
 
  • Like
Reactions: [correlate] and oldschool
Andrezj

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
blackice said:
But credential stuffing isn’t a failing of Comcast. Articles like this scare people because they think they are helpless against hackers. The 2FA bypass is a MAJOR failing, but still not a viable hack without credential stuffing.
Click to expand...
i did not say credential stuffing is a comcast failing, it is however users who make credential stuffing and password spraying an easy way to breach a system
users are at fault when they use the same password or easily cracked passwords
one cannot blame anyone else other than users - it is their habits that caused this very problem
they are not helpless but at the same time digital security and doing the things to stay secure are not the average person's priority
 
  • Like
Reactions: [correlate]
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Andrezj said:
i did not say credential stuffing is a comcast failing, it is however users who make credential stuffing and password spraying an easy way to breach a system
users are at fault when they use the same password or easily cracked passwords
one cannot blame anyone else other than users - it is their habits that caused this very problem
they are not helpless but at the same time digital security and doing the things to stay secure are not the average person's priority
Click to expand...
Oh I sorry wasn’t accusing you of that. I should have made that more clear. I think the articles written about these types of things don’t do a good job of explaining to non-tech people what actually is happening, and how to easily avoid being a victim. It just scares people.
 
  • Applause
  • Like
Reactions: [correlate] and oldschool
Andrezj

Andrezj

Level 6
Verified
Well-known
Nov 21, 2022
248
blackice said:
Oh I sorry wasn’t accusing you of that. I should have made that more clear. I think the articles written about these types of things don’t do a good job of explaining to non-tech people what actually is happening. It just scares people.
Click to expand...
cybersecurity news is all about click-bait and page views, it is not about educating people
educating citizens about digital security is hardly done in society, so many people graduate from school or university and know next to nothing about cybersecurity, "i need to install av" is about the extent of knowledge
 
  • Like
Reactions: [correlate], oldschool and blackice
blackice

blackice

Level 39
Verified
Top Poster
Well-known
Apr 1, 2019
2,868
Andrezj said:
cybersecurity news is all about click-bait and page views, it is not about educating people
educating citizens about digital security is hardly done in society, so many people graduate from school or university and know next to nothing about cybersecurity, "i need to install av" is about the extent of knowledge
Click to expand...
Agreed
 
  • Like
Reactions: [correlate]
You must log in or register to reply here.

Similar threads

Gandalf_The_Grey
    • Like
    • +Reputation
    • Wow
Security News Roku warns 576,000 accounts hacked in new credential stuffing attacks
Replies
0
Views
1,382
Security News
Gandalf_The_Grey
Gandalf_The_Grey
vtqhtr413
    • Like
    • +Reputation
Security News Threat actors use Tycoon 2FA kits to target MS 365 and Gmail accounts
Replies
3
Views
1,366
Security News
vtqhtr413
vtqhtr413
Gandalf_The_Grey
    • Wow
Crypto Opinions & News Hacker locks Unicoin staff out of Google accounts for 4 days
Replies
0
Views
672
Crypto News
Gandalf_The_Grey
Gandalf_The_Grey

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

Quick Navigation

Forum Rules Warning System Welcome Guide Two-factor Authentication

User Menu

Login

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top