Someone has reportedly found a way to bypass Comcast Xfinity’s two-factor authentication (2FA) security measures and compromised countless accounts.
After the bypass, attackers were able to use the compromised account to attempt to take over cryptocurrency exchange accounts and cloud storage services.
On Dec. 19, Xfinity email users began receiving notifications about changes to their account information, but their passwords had been changed, so they couldn’t get in. Those who managed to re-enter the account found that a secondary email address had been added to the account, from the throwaway domain yopmail.com.
Secondary email addresses are a security measure used by some email providers to assist with password resets, account notifications, and more.
Many victims took to Twitter, Reddit, and Xfinity forums to discuss what happened and said they had 2FA enabled. So whoever was behind the attack managed to guess passwords through credential stuffing and then managed to bypass two-factor authentication security measures. According to BleepingComputer, the attackers used a “privately propagated OTP (one-time password) bypass,” which allowed them to generate valid 2FA verification codes.
This gave them access to the account, where they added a secondary disposable email address that allowed them to go through the password reset process.
After gaining full control over the compromised email account, the threat actors proceeded to compromise further online services by impersonating the victims and requesting password resets by email. Dropbox, Evernote, Coinbase, and Gemini are just some of the services the threat actors tried to compromise.
Xfinity has kept mum on the matter for now, but a customer said on Reddit that the company has been informed of the matter and is currently investigating. The same source also said that, according to a customer support employee they interviewed, the issue appears to be fairly common.
Via: BleepingComputer