Customers of Comcast’s Xfinity have reported account hacks and 2FA bypass attempts. The compromised accounts are also being used to change passwords for other sites like Gemini and Coinbase. Beginning on December 19, users of Xfinity email started receiving warnings that their account information had changed.
A researcher claims that credential-stuffing attacks were conducted against user email IDs to access their accounts. Once the attackers have gained access and the system prompts them for a 2FA code, they apparently employ a privately shared OTP bypass mechanism to spoof 2FA verification requests for the Xfinity website.