Visitor
•
1 Message
Associated email was changed, bypassing my two factor authentication
This is the 2nd time my Xfinity account has had its associated email changed by a malicious actor, somehow completely bypassing my two factor authentication. Xfinity has a major security issue and I no longer trust that my account will ever be secure when there is a method that hackers can use to gain access to any account.
And this isn't a "my PC has a virus and I don't know it" thread (I have Malwarebytes and Windows 11 security). 6 months ago my associated email was changed to <myname>@yopmail.com, which happened to multiple users on here where multiple threads were made about it (https://forums.xfinity.com/conversations/email/just-how-many-had-their-xfinity-email-hacked-yesterday/63a22372ebc755162835f320). Tonight, my associated email was changed to <myname>@stayschemin.org and the user had access to my email because there was a deleted password reset in my trash folder.
The wild thing is, I have two factor authentication on my account. This should not be possible, but there is clearly a way for malicious actors to change associated emails without needing two factor, and being able to sign in. Which means there is no security, and no one should trust that this won't happen to them. My entire life and info is connected to my email, and knowing at any time someone can just access it is unacceptable.
I already called the Comcast security number and the guy I spoke with did the predictable "I've looked at your account and everything is secure!" which is beyond less than satisfactory. COMCAST, PLEASE LOOK INTO THIS AND ESCALATE THIS ISSUE!
XfinityKatie
Official Employee
•
744 Messages
1 year ago
Hello, @Not_Happy_User, we appreciate you bringing this to our attention. We definitely want to ensure that this is addressed, and your account is secure. I would recommend reaching out to our Customer Security Assurance team so that they can evaluate your online account with you and ensure only you have access to it. You can reach out to them at 1-888-565-4329 every day between the hours of 8:00am - 12:00am EST.
user_205339
Visitor
•
1 Message
1 year ago
I have had this issue since December of 2022. I have called approximately 5 times regarding my password being changed and then the preferred email being changed. The 4th time I called, I received a ticket number; the issue was supposed to have been escalated and someone was supposed to call me back. This never happened.

Yesterday, July 5, 2023, I received an email and my personal information had been changed. I went to log in to my Xfinity account and my password had been changed, so I needed to reset my password. When I chose the reset option, there were 2 options to reset my password: the 1st via email and the second by text. The cell phone number listed is my cell phone number; however, the email option had already been changed to a malicious email. I did not receive a verification text from Comcast with the code to access my account to change my preferred email.

Again, I just spent 2 hours on the phone only to be told that someone has hacked my Google email to gain access to the Comcast account, to turn off the 2 step verification, only make changes, and then turn it back on. This is the most ridiculous thing I have heard, considering in order to change the already preferred email I would need to get a text with the code to access my account; you can't change anything until you get that first code texted to you.

Needless to say, we will be quitting Comcast. They can come pick up their equipment and we will just order direct from Netflix, Amazon, Disney Plus, etc. Spending almost $400 a month for services for over 20 years, I would expect more.
UseYourName1
Visitor
•
1 Message
1 year ago
This just happened to me as well. Reset password and also changed email. So frustrating.
soulbringer
New Poster
•
6 Messages
1 year ago
This just happened to me again and no matter how long or complex my password is, they still managed to break through. It's like they have access to some CIA backdoor hole in the computer software. Xfinity has a problem, and they need to address it. They are just lazy and don't care.
gregoryrubin
Regular Visitor
•
8 Messages
1 year ago
This just happened to me again as well for the 5th time in 2 years. Completely unacceptable. We should band together and do a class action lawsuit. Their customer service doesn't help and there is a known issue that allows hackers to bypass 2FA for some reason. I'm tired of this.
Mauv
1 Message
1 year ago
This exact thing keeps happening to me as well. They are bypassing my 2FA and changing the backup email on my account. This allows them to then change the password. I spoke with the security team and they are supposed to be looking into it. This is clearly a bigger issue than one person.
user_1d219c
1 Message
1 year ago
This keeps happening to me and Comcast says it's not! They have no clue what is going on and someone has access to their systems. I guess since they will not help I will start posting all over about the issue!
user_24310a
1 Message
1 year ago
Happened to me on 8/14/23. I'm using 1Password, 2FA, and a YubiKey. The best part is that there is no way to remove name@stayschemin.org from your account.
I've been slowly moving all email correspondence from Xfinity to Gmail, and I suggest everyone else do the same.
Aside from this, it's disgusting that this company limits password length to 16 characters.
(edited)
user_f89ff6
1 Message
1 year ago
Same thing just happened to me. I noticed I couldn't access my email two days ago. Spoke with Xfinity security today (8-20-23) and got my password changed, and supposedly had the hacked 2 factor authentication email, the fake "stayschemin.org", removed. We shall see if any of this works. My confidence in their security is quite low now. I am very disappointed in this situation. Who knows what other data has been exposed by this fiasco?
user_8f6b2b
Visitor
•
7 Messages
1 year ago
This has happened to me twice within the last 2 months. Seriously?!?!?! You're telling customers to constantly change their password instead of your security team rolling up their sleeves and actually finding and patching the bugs that are allowing hackers to get into our accounts CONTINUOUSLY and change our settings. How can this be? Please Xfinity, take a deep look at your security team and consider an overhaul...
(edited)
user_a5cf4d
1 Message
1 year ago
Why not just get a Gmail address? Export your addresses so that they can be imported to Gmail. Then forward your important emails to that account, and toss what is old or no longer worthwhile to have from the Comcast account. As it is, you don't trust Comcast/Xfinity anyway. Something similar happened to me just today. I signed out of my email, then wanted to do more reading and clicked on something Xfinity (official acct) had to say - and was right back in my Comcast email. No question, no two-factor verification. Just opened the email. Besides, they still advise people that their password has to be between 8 and 18 spaces long. Last I heard it's been expanded to 128 spaces. After you have established a new email, send out a notice to everyone you want to know about the move, and request that they reconfirm to you at your new address that they are aware and that they made the changes at their end.