January 2, 2023 - TuxCare expert team
In an extensive two-factor authentication bypass campaign, multiple Comcast Xfinity email accounts were hacked, and the compromised accounts were used to reset passwords for other services. This comes shortly after Comcast Xfinity announced price increases for the new year.
Customers of the American telecommunications company reported across social media that their accounts had been hacked despite the use of two-factor authentication. They also stated that the attackers are using the compromised accounts to gain access to and hijack the victims’ other services, including Evernote, Dropbox, and the cryptocurrency exchanges Coinbase and Gemini.
On December 19, Xfinity email users began receiving notifications about changes to their account information. Users who initially couldn’t access their accounts because the passwords had been changed eventually discovered that the accounts had been hacked and that a secondary email at the @yopmail.com domain had been added.
Meanwhile, according to a researcher, the attackers are using credential stuffing to determine the login credentials for Xfinity accounts. The researcher went on to explain that once the attackers gain access to the account and are prompted to enter their 2FA code, they allegedly use a privately circulated OTP bypass for the Xfinity site to forge successful 2FA verification requests. Once logged in, they can change the secondary email address to the @yopmail.com account and reset passwords.
“Starting on December 19th, many Xfinity email users began receiving notifications that their account information had been changed. However, when attempting to access the accounts, they could not log in as the passwords had been changed,” BleepingComputer reported. “After regaining access to the accounts, they discovered they had been hacked and a secondary email at the disposable @yopmail.com domain was added to their profile.”
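A defender-side check for the account-change pattern described above, as an added example that is not from the article, BleepingComputer or Comcast: it scans account audit events for a secondary email at a disposable domain followed shortly by a password change. The event schema, the function names, the 24-hour window and the sample events are assumptions constructed for illustration.

```python
from datetime import datetime, timedelta

# Assumption: a tiny local blocklist; in practice use a maintained disposable-domain list.
DISPOSABLE_DOMAINS = {"yopmail.com"}
WINDOW = timedelta(hours=24)  # assumed correlation window

# Constructed sample audit events (hypothetical schema):
# (ISO timestamp, account, event type, detail)
SAMPLE_EVENTS = [
    ("2022-12-19T08:00:00", "alice", "login_success", "203.0.113.7"),
    ("2022-12-19T08:02:00", "alice", "secondary_email_changed", "x9k2@yopmail.com"),
    ("2022-12-19T08:03:00", "alice", "password_changed", ""),
    ("2022-12-19T09:00:00", "bob", "secondary_email_changed", "bob.backup@example.org"),
    ("2022-12-19T09:05:00", "bob", "password_changed", ""),
    ("2022-12-20T10:00:00", "carol", "secondary_email_changed", "tmp@YOPMAIL.com"),
    ("2022-12-22T10:00:00", "carol", "password_changed", ""),
]

def email_domain(addr):
    """Normalise the domain part so case or a trailing dot cannot evade the match."""
    return addr.rsplit("@", 1)[-1].strip().lower().rstrip(".")

def find_takeover_patterns(events, window=WINDOW):
    """Flag disposable recovery emails (medium) and a password change
    that follows one within the window (high)."""
    alerts = []
    pending = {}  # account -> time of the last disposable recovery-email change
    for ts, account, event, detail in sorted(events):
        when = datetime.fromisoformat(ts)
        if event == "secondary_email_changed":
            if email_domain(detail) in DISPOSABLE_DOMAINS:
                pending[account] = when
                alerts.append({"account": account, "severity": "medium",
                               "reason": "disposable recovery email", "email": detail})
            else:
                # A non-disposable address replaced it; stop correlating.
                pending.pop(account, None)
        elif event == "password_changed" and account in pending:
            changed_at = pending.pop(account)
            if when - changed_at <= window:
                alerts.append({"account": account, "severity": "high",
                               "reason": "password change after disposable recovery email"})
    return alerts

if __name__ == "__main__":
    for alert in find_takeover_patterns(SAMPLE_EVENTS):
        print(alert)
```

A high-severity hit is a reasonable trigger for locking recovery changes on the account and forcing re-verification through a channel the attacker does not control.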
Xfinity’s response to a user’s complaint, after the user’s account was compromised twice in 4 hours, was that the user should engage in a struggle with the hackers and keep changing the password back every time they changed it.
Comcast has not yet issued a public response.
The sources for this piece include an article in BleepingComputer.