"Comcast Xfinity Accounts Hacked in Widespread 2FA Bypass Attacks"

Customers of Comcast Xfinity have reported that their accounts have been compromised in widespread attacks that circumvent two-factor authentication (2FA). The hacked accounts are then used to reset the passwords of other services, including the Coinbase and Gemini cryptocurrency exchanges.

On December 19, a number of Xfinity email users began receiving notices that their account information had been updated. However, they were unable to access their accounts because the passwords had been changed. After regaining access, they realized that they had been hacked and that a second email address had been added to their profile. Similar to Gmail, Xfinity allows customers to set up an alternative email address for account notifications and password resets in the event that they lose access to their Xfinity account.

All Xfinity users contacted by Bleeping Computer confirmed that 2FA was activated, yet the threat actors could still bypass it and access their accounts. A researcher believes credential stuffing attacks are being used to determine the login credentials for Xfinity accounts. Once the attackers obtain access to the account and are required to enter a 2FA code, they allegedly employ a privately circulated OTP bypass for the Xfinity website that allows them to falsify 2FA verification requests.

This article continues to discuss the hacking of Comcast Xfinity customer accounts that bypasses 2FA.

Bleeping Computer reports "Comcast Xfinity Accounts Hacked in Widespread 2FA Bypass Attacks"
