"Widespread 2FA Bypass Attack Compromised Comcast Xfinity Accounts; Targets Coinbase, Gemini, Evernote, and Dropbox"
Comcast Xfinity customers have reported that their accounts have been compromised by a campaign employing a two-factor authentication (2FA) bypass technique. Despite enabling 2FA, Xfinity email customers began receiving messages that their account information had been modified without their permission. Additionally, the victims discovered that a secondary email address at the disposable yopmail[.]com domain had been added to their profile. The victims found they had been hacked when they were unable to access their accounts because their passwords had been changed. Customers who were affected also reported that hackers attempted to access and reset passwords for other sites, including the Coinbase and Gemini cryptocurrency exchange wallets, Dropbox, and Evernote. Previously, hackers have used 2FA bypass tactics in large-scale attacks on other services with destructive results. For example, in January 2022, Crypto[.]com, a trading platform for cryptocurrencies based in Singapore, announced a 2FA bypass attack that compromised 483 user accounts. Additionally, Crypto[.]com reported that the 2FA bypass enabled threat actors to steal cryptocurrency worth $34.65 million. Consequently, the company implemented improvements such as delaying account access and limiting functionality for 24 hours after a password change, allowing account owners time to respond to suspicious changes. This article continues to discuss the recent widespread 2FA bypass attack that impacted Comcast Xfinity customers, 2FA bypass attacks deployed successfully in the past, and evidence indicating that 2FA is becoming ineffective.