Skip to main content

Comcast Xfinity Accounts HACKED

Cybersecurity expert Drayton Mayers of #WiseChoice TeamLogicIT Memphis explains what happened and what EVERY Xfinity customer should be doing NOW to protect themselves.

Mayers wrote the following and gave me permission to publish it as a #WiseWarning to all Comcast Xfinity customers:

(During the week of Jan. 9, 2023), a number of Comcast customers logged into their Xfinity email accounts only to discover that they had been hacked. The source of these widespread attacks seems to be an exploit that allows an attacker to bypass Xfinity two-factor authentication (2FA) for Xfinity accounts (Editor’s note: two-factor authentication is a security measure in which someone uses two factors to access accounts, like a password plus a text with a one-time passcode).

Hackers appear to be using a privately circulated tool that bypasses the one-time-passcode (OTP) used in 2FA. Essentially, your account will not send the 2FA code to you. Instead, the hackers will get it, cutting you out of the loop.

First, the attackers compromise an Xfinity email account by using stolen passwords from the Dark Web. From there, they log in with the stolen passwords and use the private 2FA bypass tool to get around phone verification.

After that, the password is reset, and any backup or secondary emails are changed to one the attacker controls.

Once they have access to the Xfinity email, hackers can use this email to attempt to password reset other services with the ‘Forgot my Password’ feature.

They’ve been observed using this method to compromise DropBoxEverNote and even cryptocurrency exchange accounts such as Coinbase and Gemini.

Comcast hasn’t released an official statement as of this correspondence, and it’s unknown how many accounts were compromised. If you have a Comcast email account, we recommend that you immediately update your password and check the recovery email and 2FA information you have on file. Reach out to Comcast Xfinity support if necessary.

It is also a good idea to review your other accounts and services for compromise.

A few important things to note in these attacks:

  • 2FA was not enough. The hackers bypassed it.
  • Those who regained access to their accounts did so because they noticed a change in 2FA by monitoring their email accounts.
  • The accounts were originally compromised via “credential stuffing” which uses Leaked Passwords found on the Dark Web

These are all common pain points for which our third-party security assessments identify.

Not only does TeamLogic IT Memphis provide consultation and training on the weaknesses in multi-factor authentication (MFA), but we also utilize alerts to catch compromised accounts as soon as it happens. Our services also scan your environment for accounts using leaked passwords that have been found on the Dark Web.

If you’d like to discuss how we can assist you, or someone you know with their security, please don’t hesitate to reach out. The TeamLogic IT Memphis #WiseChoices profile page includes our contact information.

Copyright 2023 Wise ChoicesTM. All rights reserved.

andy wise, andy wise channel 3, andy wise channel 5, andy wise choices, andy wise does it work, andy wise does it work thursday, andy wise memphis, andy wise on your side, andy wise reporter, andy wise will it work, andy wise wmc action news 5, andy wise wreg, consumer investigator, consumer investigator andy wise, consumer protection, cybersecurity, memphis wise choices, teamlogic it, teamlogic it memphis, trust wise choices, wise choices