Customers of Comcast Xfinity accounts getting hacked despite having 2FA enabled

On December 19th, several Xfinity email users started getting messages informing them that their account information had been updated. In spite of this, when they attempted to access the accounts, they were unable to do so since the passwords had been altered.

They found out they had been hacked when they were able to recover access to their accounts and saw that a secondary email address with the throwaway domain had been added to their profile.

The clients of Xfinity said that they had two-factor authentication set on their accounts; nonetheless, the threat actors were still able to circumvent it and get in to the customers’ accounts.

After receiving feedback from a number of Xfinity subscribers who had their accounts hacked, BleepingComputer decided to publish a story on these account intrusions. Other users have posted identical complaints on Reddit  and Twitter , and Xfinity’s own own help site .

Credential stuffing attacks are being used to identify the login credentials for Xfinity assaults. These attacks are being carried out by the attackers.

Once the attackers have gained access to the account and are prompted to enter their two-factor authentication code, they allegedly use a privately circulated OTP bypass for the Xfinity site that enables them to forge successful two-factor authentication verification requests. This is done after they have already gained access to the account.

After successfully logging into the account, the user has the ability to reset their password as well as change the secondary email address to the account.

These hacked accounts are then used to reset passwords for other sites, such as the cryptocurrency exchanges Coinbase and Gemini.

On the other hand, one Xfinity customer stated on Reddit that the corporation is aware of the account breaches and is investigating into where the hacks are coming from.