Numerous Comcast Xfinity customers report that their accounts were hacked in a campaign leveraging a 2FA bypass technique. Xfinity email users began receiving notifications that their account information had changed without their consent, despite having two-factor authentication (2FA) enabled. The victims also noticed that a secondary email address at the disposable yopmail[.]com domain had been added to their profiles. They discovered they had been hacked when they could not log in to their accounts, because the hackers had also changed their passwords. Impacted customers also reported hackers attempting to access and reset passwords for other services, such as Coinbase and Gemini crypto exchange wallets, Dropbox, and Evernote. Xfinity was investigating the attack and was assisting customers in regaining access to compromised accounts. Many customers who engaged the Xfinity customer support department said the company was helpful in returning compromised accounts to their legitimate owners. Meanwhile, a security expert told Bleeping Computer that the attackers probably gained access to the accounts via credential-stuffing attacks before leveraging a privately circulated OTP bypass tool. However, the source, who requested to remain anonymous, did not explain the nature of the OTP bypass tool. Comcast has yet to confirm the existence of the secret 2FA bypass tool or the number of accounts compromised.
Full story: Widespread 2FA Bypass Attack Compromised Comcast Xfinity Accounts; Targets Coinbase, Gemini, Evernote, and Dropbox.