Comcast Xfinity accounts under attack in 2FA bypass attacks

Someone has found a way to bypass the two-factor authentication (2FA) security measure on Comcast Xfinity and compromise countless accounts, according to reports.

After the bypass, attackers can use the compromised accounts to attempt to take control of cryptocurrency exchange accounts and cloud storage services.

On December 19, Xfinity Mail users began receiving notifications that their account information had changed, but their passwords had already been changed, so they couldn't log in. Those who managed to get back into their accounts discovered that a secondary email address had been added, from the throwaway domain yopmail.com.

Bypassing 2FA

The secondary email address is a security measure used by some email providers that facilitates password resets, account notifications, etc.

Many victims took to Twitter, Reddit, and Xfinity forums to discuss what happened, saying they had enabled 2FA. So whoever was behind the attack managed to obtain the password using credential stuffing, and then managed to bypass the two-factor authentication security measure. The BleepingComputer report says the attackers used a "private transmission OTP (one-time password) bypass" that allowed them to generate functional 2FA verification codes.

This gave them access to the account, and adding the disposable secondary email address allowed them to complete the password reset process.
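The sequence described above (a secondary email address on a throwaway domain is added, then the password is changed) can be checked for in account audit logs. The following is an added example, not code from Xfinity or BleepingComputer; the event layout, action names, accounts and dates are constructed, and only the yopmail.com domain comes from the article.

```python
from datetime import datetime, timedelta

# Assumption: only yopmail.com comes from the article; extend with your own list.
DISPOSABLE_DOMAINS = {"yopmail.com"}

# Constructed sample audit events: (timestamp, account, action, detail).
# The field layout, action names, accounts and dates are all hypothetical.
EVENTS = [
    ("2024-01-01T08:00:05", "alice", "login_ok", ""),
    ("2024-01-01T08:01:10", "alice", "secondary_email_added", "x9k2@yopmail.com"),
    ("2024-01-01T08:03:40", "alice", "password_changed", ""),
    ("2024-01-01T09:00:00", "bob", "secondary_email_added", "bob.backup@example.org"),
    ("2024-01-01T09:02:00", "bob", "password_changed", ""),
    ("2024-01-01T10:00:00", "carol", "secondary_email_added", "tmp@YOPMAIL.COM"),
    ("2024-01-03T10:00:00", "carol", "password_changed", ""),
]


def is_disposable(address):
    """True if the address is on a listed disposable domain or a subdomain of one."""
    domain = address.rsplit("@", 1)[-1].strip().lower().rstrip(".")
    return any(domain == d or domain.endswith("." + d) for d in DISPOSABLE_DOMAINS)


def find_takeover_pattern(events, window=timedelta(minutes=30)):
    """Return (account, address, seconds) for each password change that follows
    the addition of a disposable secondary email within `window`."""
    pending = {}  # account -> (time added, address) awaiting a password change
    alerts = []
    for ts, account, action, detail in sorted(events):  # ISO timestamps sort in time order
        when = datetime.fromisoformat(ts)
        if action == "secondary_email_added" and is_disposable(detail):
            pending[account] = (when, detail)
        elif action == "password_changed" and account in pending:
            added_at, address = pending.pop(account)
            if when - added_at <= window:
                delay = int((when - added_at).total_seconds())
                alerts.append((account, address, delay))
    return alerts


if __name__ == "__main__":
    for account, address, seconds in find_takeover_pattern(EVENTS):
        print(f"ALERT {account}: {address} added, password changed {seconds}s later")
```

The 30-minute window is an arbitrary starting point; tune it against how quickly legitimate users change a password after editing recovery details.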

After taking full control of the compromised email accounts, the threat actors breached other online services, assuming people's identities to request the reset of the emails. Dropbox, Evernote, Coinbase, and Gemini are just a few of the services that hackers have tried to break into.

Xfinity is keeping quiet on the matter at this time, but a customer said on Reddit that the company is aware of the incident and is currently investigating. The same source also said that according to a customer service employee they spoke to, the problem appears to be quite widespread.

Via: BleepingComputer