Reports have claimed that someone figured out how to bypass the two-factor authentication (2FA) security at Comcast Xfinity and compromise countless accounts.
Once bypassed, attackers can use compromised accounts to try and take over crypto exchange accounts and cloud storage service.
On December 19, Xfinity email users started receiving notifications of changes to their account information, but password has been changed so that they cannot enter. Those who managed to gain access to the account again discovered that an extra email address had been added to the account, from a disposable domain yopmail.com.
Bypass 2FA
A secondary email address is a security measure used by some email service providers to help with password resets, account notifications, etc.
Many victims took to the Twitter, Reddit and Xfinity forums to discuss what happened and said they had 2FA enabled. So the person behind the attack guessed the password by filling in the credentials and then managed to bypass the two-factor authentication security. BleepingComputer The report says the attackers used a “privately circulated OTP (one-time password) pass” that allowed them to generate a working 2FA verification code.
That gave them access to the account and added a secondary, disposable email account, allowing them to go through the password reset process.
After gaining complete control over the compromised email accounts, the threat actors then proceeded to breach other online services, assuming people identity (opens in a new tab) to request an email reset. Dropbox, Evernote, Coinbase, and Gemini are just some of the services that threat actors have attempted to breach.
Xfinity is currently keeping quiet on the matter, but one customer said on Reddit that the company is aware of the incident and is currently investigating. The same source also said that according to a customer support agent they spoke to, the problem seems to be quite widespread.
Via: BleepingComputer (opens in a new tab)
