Xfinity accounts breached despite 2FA

Obanla Opeyemi

January 2, 2023 - TuxCare expert team

In an extensive two-factor authentication bypass campaign, multiple Comcast Xfinity email accounts were hacked, and the compromised accounts were used to reset passwords for other services. This comes shortly after Comcast Xfinity announced price increases for the new year.

Customers of the American telecommunications company reported across social media that their accounts had been hacked despite the use of two-factor authentication. They also stated that the attackers are using the compromised accounts to gain access to and hijack the victims’ other services, including Evernote, Dropbox, and the cryptocurrency exchanges Coinbase and Gemini.

Attackers began sending notifications to Xfinity email users about changes to their account information on December 19. Users who initially couldn’t access their accounts because the passwords had been changed eventually discovered that the accounts had been hacked and that a secondary email at the @yopmail.com domain had been added.

Meanwhile, according to a researcher, the attackers are using credential stuffing to determine the login credentials for Xfinity accounts. The researcher went on to explain that once the attackers gain access to an account and are prompted to enter a 2FA code, they allegedly use a privately circulated OTP bypass for the Xfinity site to forge successful 2FA verification requests. Once logged in, they can change the secondary email address to the @yopmail.com account and reset passwords.

“Starting on December 19th, many Xfinity email users began receiving notifications that their account information had been changed. However, when attempting to access the accounts, they could not log in as the passwords had been changed,” BleepingComputer reported. “After regaining access to the accounts, they discovered they had been hacked and a secondary email at the disposable @yopmail.com domain was added to their profile.”
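The account changes described above (a password change together with a secondary email at a disposable domain) leave a pattern that can be searched for in account audit logs. The Python sketch below is an added example, not code from the article, BleepingComputer or Comcast; the event schema, the 24-hour window, the function names and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: the article names only yopmail.com; extend with your own list.
DISPOSABLE_DOMAINS = {"yopmail.com"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample audit events: (timestamp, account, event, detail).
SAMPLE_EVENTS = [
    ("2022-12-19T08:01:00", "alice", "login_success", "2fa=passed"),
    ("2022-12-19T08:03:00", "alice", "secondary_email_set", "x9f3k@yopmail.com"),
    ("2022-12-19T08:04:00", "alice", "password_changed", ""),
    ("2022-12-19T09:10:00", "bob", "secondary_email_set", "bob.backup@example.org"),
    ("2022-12-19T09:12:00", "bob", "password_changed", ""),
    ("2022-12-19T10:00:00", "carol", "secondary_email_set", "tmp@YOPMAIL.com"),
    ("2022-12-21T10:00:00", "carol", "password_changed", ""),
]


def email_domain(address):
    """Lower-cased domain part of an address (domains are case-insensitive)."""
    return address.rsplit("@", 1)[-1].strip().lower()


def find_takeover_candidates(events, domains=DISPOSABLE_DOMAINS, window=WINDOW):
    """Map account -> 'high' when a disposable secondary email was set within
    `window` of a password change, or 'review' when only the email was set."""
    disposable_set = {}    # account -> times a disposable address was added
    password_changes = {}  # account -> times the password changed
    for ts, account, event, detail in events:
        when = datetime.fromisoformat(ts)
        if event == "secondary_email_set" and email_domain(detail) in domains:
            disposable_set.setdefault(account, []).append(when)
        elif event == "password_changed":
            password_changes.setdefault(account, []).append(when)

    findings = {}
    for account, times in disposable_set.items():
        changes = password_changes.get(account, [])
        paired = any(abs(p - t) <= window for t in times for p in changes)
        findings[account] = "high" if paired else "review"
    return findings


if __name__ == "__main__":
    for account, severity in sorted(find_takeover_candidates(SAMPLE_EVENTS).items()):
        print(f"{account}: {severity}")
```

Accounts flagged `high` warrant a forced session logout and a recovery-address reset before the password is changed back, since the added secondary email lets whoever controls it reset the password again.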

Xfinity’s response to a user’s complaint, after the user’s account was compromised twice in 4 hours, was that the user should engage in a struggle with the hackers and keep changing the password back every time they changed it.

Comcast has not yet issued a public response.

The sources for this piece include an article in BleepingComputer.
