Updated on 2022-12-29: Comcast Xfinity account hacks
Several Comcast Xfinity customers said their accounts had been hacked. The compromised accounts were then used to reset passwords and bypass 2FA on accounts at cryptocurrency portals like Gemini and Coinbase.
@Xfinity How was it that users with 2FA had email password resets sent to Yopmail accounts after midnight. WTH, Xfinity!
— Thomas (@TCG0223) December 22, 2022
Overview
Comcast Xfinity accounts have been hacked in widespread credential stuffing attacks that bypassed 2FA protection. The compromised accounts enabled attackers to reset passwords on other sites such as Coinbase and Gemini.
Read more:
- Xfinity Community Forum > Email hacked, password changed and 2 step turned off
- r/Comcast_Xfinity > Hackers bypassed 2FA, possible CSR’s social engineered
- r/Comcast_Xfinity > Just how many xfinity accounts were hacked yesterday
Not necessary, I was already told by customer service that our accounts were hacked. Did the scammer a get lie social security numbers???? I got a call from the scammers already and they know my monthly bill amount!!!!
— Turtley Turtle (@MattSwag9) December 21, 2022
My email account's password was hacked. Xfinity let someone change it without the 2-factor authentication last night. The password wasn't one of my best because I have to type it on my mobile device. It's now similar to:
0716FD13-FC68-4831-9A64-653DF38135DB
— Bill Crowell, JAFA (@n4hpg) December 20, 2022