Regular Visitor
•
7 Messages
Email hacked, secondary email address changed again
This is the second time this week! I received an email both times saying that my personal information has been changed on my account. I hadn't changed anything. When I logged in and checked my security settings my secondary email address was changed [Edited: "Personal Information"]. The code had not been verified. And I changed it to one of my email addresses and changed the password.
This had been happening a bunch of times to my account from October to December and then it stopped. Same sort of thing, changing the secondary email address or turning off 2FA. I have 2FA turned on on my account and all of the times that my security settings were changed, it never triggered the 2FA or showed any history of another IP address or computer accessing my account.
It seems pretty obvious that someone at comcast or a third party is accessing people's accounts through the back-end. Comcast has to do something about their security. This is getting to be unacceptable and telling me to change my password every time is not the answer, it's obvious they're not accessing my account via the password and 2FA.
flatlander3
Problem Solver
•
810 Messages
9 days ago
You're going to want to immediately unlink any Xfinity account you have with any other service or site. I'd consider them all burned from now on.
This isn't a question of "fixing security", [Edited: "Inflammatory"]
(edited)
0
eva_bee
Regular Visitor
•
7 Messages
9 days ago
Totally agree. It's quite apparent there's no security or concern for security. This might be the push I need to switch to FIOS, though I'm not sure they're any better when it comes to security.
0
0
user_227bae
Visitor
•
1 Message
8 days ago
This happened last night in our household. An email at 8p: "Changes made to your account." Legit from Comcast, and my husband also received the same email, so then I log in on the primary account, all looks okay...but the next morning, my husband cannot get into his email. Password not working on any devices. I log back in on my account, start looking at the family accounts, and see that under his, someone has created a second email address (to which we have no affiliation) that has the same very unique prefix as his own.
I then look up the suffix URL and it goes to a nefarious repository site that sets off my Malwarebytes ("reliablemailers", if you're curious) and I know this is a can of YUCK. I had comcast customer service remove it, although they couldnt explain how it got there nor did they share when, but given the timing of these events I'm betting it was last night with that one email ping from Comcast...
Something is rotten for sure. P-dubs refreshed uniquely all over!
(edited)
0
0
user_17dc31
Visitor
•
2 Messages
5 days ago
This happened to me three times today, first around 5am (fixed myself), again around 4pm (called Xfinity/Comcast Security, they fixed it), and the third time while I was actually on the phone with Security, minutes after the second fix! Security escalated my call immediately, and they have enabled multi-factor authentication (more secure than two-factor verification) and are putting a lock on my account that should restrict account access only to sign-ins (and sign-in attempts) from my home IP address.
Each time today was "reliablemailers" like yours.
This happened to me before and many other people as well late last year, same thing, but the fraudulent email domain was "yopmail". Those incidents were widespread, and besides being mentioned elsewhere in this forum, have several articles posted online if you search.
Hopefully these scaled-up security measures make a difference, and just as hopefully Xfinity can figure out how these "bad actors" are doing this and put a stop to them.
0
0
user_f2d319
Visitor
•
1 Message
4 days ago
As someone with much internet security experience. There's only a few ways you're likely to get hacked. Adult or p2p websites being most common; Using outdated passwords that were leaked in to public databases; phishing emails; someone who you allowed access in to your account either personally or you opened a malicious file that was sent to you.
Also, it is not a good idea to put your email address out there, for the world to see, registering on every website you can find, every store you can buy something from. Use your primary email for bills, maybe amazon, and people you know but anymore than that is too much. You need a secondary email account if you want to register on forums and miscellaneous sites, that have public data dumps and get hacked on a regular basis. This will also prevent you from receiving a lot of scam emails including phishing/fake Xfinity emails, as someone mentioned, it looks like that is what happened. So called "legit email" was NOT legit. Emails can be spoofed. Always look at the url when you click on links you may be skeptical of. URLs cannot be spoofed, they can look similar but not outright spoofed. Xfinity can only do so much here, you have to be aware of what you are doing.
(edited)
1
0