Reports claim that someone has found a way around Comcast Xfinity’s 2-factor authentication (2FA). This allows them to compromise countless accounts.
After the bypass, attackers have the ability to use compromised accounts to attempt to take control of cryptocurrency exchange accounts. cloud storage services.
December 19th, Xfinity email users started receiving notifications about changes to their account information. However, files were not notified. passwordsIt was already modified so they couldn’t access it. Those who managed to regain access to the account discovered that a secondary address had been added from a disposable yopmail.com domain.
Bypass 2FA
A secondary email address is a security feature that many email providers use to help with account notifications, password resets, and other such matters.
Several victims posted on Twitter, Reddit and Xfinity forums, discussing what happened and claiming that they had managed 2FA. The attacker managed to guess the password using the credentials and bypass the two factor authentication security measure. Computer The report states that the attackers used a “privately circulated OTP (one-time password) bypass” that allowed them to generate valid 2FA verification codes.
They gained access to the account by adding the secondary disposable mail account. Then they could reset their password.
After gaining complete access to the compromised email accounts the threat actors proceeded by hacking additional online services, assuring that people were not being hacked. matches(Opens in a new window) To request a reset email. The threat actors have attempted to hack Dropbox, Evernote and Coinbase.
Xfinity has not yet commented on the matter, but a Reddit customer said that the company was aware of the incident. They are currently investigating. According to the same source, the problem appears to be widespread according to customer service employees they spoke to.
Through: Computer(Opens in a new window)
Source link
[Denial of responsibility! reporterbyte.com is an automatic aggregator of the all world’s media. In each content, the hyperlink to the primary source is specified. All trademarks belong to their rightful owners, all materials to their authors. If you are the owner of the content and do not want us to publish your materials, please contact us by email – reporterbyte.com The content will be deleted within 24 hours.]
