Reports claim that someone has found a way to bypass Comcast Xfinity's two-factor authentication (2FA) and has broken into a large number of accounts.
Once 2FA is circumvented, attackers can use the compromised email accounts to go after the victims' cryptocurrency exchange and cloud storage accounts.
On December 19, Xfinity email users began receiving notifications that their account information had changed, but by then their passwords had already been reset, so they were locked out. Those who managed to recover their accounts discovered that an additional email address on the disposable-email domain yopmail.com had been added to the account.
Bypassing 2FA
A secondary email address is a security feature offered by some email providers to assist with password resets, account notifications, and similar activities.
Many victims took to Twitter, Reddit and the Xfinity forums to discuss what had happened, and said they had 2FA enabled. So whoever was behind the attack first obtained the password, apparently through credential stuffing, and then bypassed the two-factor authentication. According to the BleepingComputer report, the attackers exploited a privately circulated OTP (one-time password) bypass that allowed them to generate working 2FA verification codes.
This gave them access to the account, and adding a disposable secondary email address allowed them to complete the password reset process.
Having gained full control of the compromised email accounts, the cybercriminals went on to break into other online services, posing as the users to request password resets. Dropbox, Evernote, Coinbase, and Gemini are just some of the services the cybercriminals have tried to break into.
Xfinity is keeping quiet on the matter for now, but a customer said on Reddit that the company is aware of the incident and is currently investigating. The same source also said that, according to a customer service employee they spoke to, the problem appears to be quite common.
Via: BleepingComputer