Breach, Identity, Email security

Extensive 2FA bypass attacks compromise Comcast Xfinity accounts

Numerous Comcast Xfinity email accounts have been hacked in a massive two-factor authentication bypass campaign, with the compromised accounts then used to reset passwords for other services, reports BleepingComputer. Beginning Dec. 19, attackers sent notifications alerting Xfinity email users to changes in their account information, and users who initially could not access their accounts because the passwords had been changed eventually discovered that the accounts had been hacked and included a secondary email address at the @yopmail.com domain. The attacks succeeded despite Xfinity users having implemented two-factor authentication. Attackers used credential stuffing to carry out the intrusions, according to a security researcher, who said that threat actors may be leveraging a privately circulated OTP bypass to copy 2FA verification requests. Attackers who have gained complete access to an email account then proceed to reset passwords for different online services, including Evernote, Dropbox, and the Coinbase and Gemini crypto exchanges. Xfinity is already looking for the source of the attack, said a customer in a Reddit post.
