eva_bee's profile

Regular Visitor

 • 

7 Messages

Tuesday, March 14th, 2023 9:01 PM

Closed

Email hacked, secondary email address changed again

​This is the second time this week! I received an email both times saying that my personal information has been changed on my account. I hadn't changed anything. When I logged in and checked my security settings my secondary email address was changed [Edited: "Personal Information"]. The code had not been verified. And I changed it to one of my email addresses and changed the password.​

​This had been happening a bunch of times to my account from October to December and then it stopped. Same sort of thing, changing the secondary email address or turning off 2FA. I have 2FA turned on on my account and all of the times that my security settings were changed, it never triggered the 2FA or showed any history of another IP address or computer accessing my account.​

​It seems pretty obvious that someone at comcast or a third party is accessing people's accounts through the back-end. Comcast has to do something about their security. This is getting to be unacceptable and telling me to change my password every time is not the answer, it's obvious they're not accessing my account via the password and 2FA.​

Problem Solver

 • 

1.5K Messages

11 months ago

You're going to want to immediately unlink any Xfinity account you have with any other service or site.  I'd consider them all burned from now on.

This isn't a question of "fixing security", [Edited: "Inflammatory"]

(edited)

Regular Visitor

 • 

7 Messages

11 months ago

Totally agree. It's quite apparent there's no security or concern for security. This might be the push I need to switch to FIOS, though I'm not sure they're any better when  it comes to security.

Visitor

 • 

1 Message

11 months ago

This happened last night in our household. An email at 8p: "Changes made to your account." Legit from Comcast, and my husband also received the same email, so then I log in on the primary account, all looks okay...but the next morning, my husband cannot get into his email. Password not working on any devices. I log back in on my account, start looking at the family accounts, and see that under his, someone has created a second email address (to which we have no affiliation) that has the same very unique prefix as his own. 

I then look up the suffix URL and it goes to a nefarious repository site that sets off my Malwarebytes ("reliablemailers", if you're curious) and I know this is a can of YUCK. I had comcast customer service remove it, although they couldnt explain how it got there nor did they share when, but given the timing of these events I'm betting it was last night with that one email ping from Comcast... 

Something is rotten for sure. P-dubs refreshed uniquely all over! 

(edited)

Visitor

 • 

2 Messages

11 months ago

This happened to me three times today, first around 5am (fixed myself), again around 4pm (called Xfinity/Comcast Security, they fixed it), and the third time while I was actually on the phone with Security, minutes after the second fix! Security escalated my call immediately, and they have enabled multi-factor authentication (more secure than two-factor verification) and are putting a lock on my account that should restrict account access only to sign-ins (and sign-in attempts) from my home IP address.

Each time today was "reliablemailers" like yours.

This happened to me before and many other people as well late last year, same thing, but the fraudulent email domain was "yopmail". Those incidents were widespread, and besides being mentioned elsewhere in this forum, have several articles posted online if you search.

Hopefully these scaled-up security measures make a difference, and just as hopefully Xfinity can figure out how these "bad actors" are doing this and put a stop to them.

Visitor

 • 

1 Message

11 months ago

As someone with much internet security experience. There's only a few ways you're likely to get hacked. Adult or p2p websites being most common; Using outdated passwords that were leaked in to public databases; phishing emails; someone who you allowed access in to your account either personally or you opened a malicious file that was sent to you.

Also, it is not a good idea to put your email address out there, for the world to see, registering on every website you can find, every store you can buy something from. Use your primary email for bills, maybe amazon, and people you know but anymore than that is too much. You need a secondary email account if you want to register on forums and miscellaneous sites, that have public data dumps and get hacked on a regular basis. This will also prevent you from receiving a lot of scam emails including phishing/fake Xfinity emails, as someone mentioned, it looks like that is what happened. So called "legit email" was NOT legit. Emails can be spoofed. Always look at the url when you click on links you may be skeptical of. URLs cannot be spoofed, they can look similar but not outright spoofed. Xfinity can only do so much here, you have to be aware of what you are doing.

(edited)

Visitor

 • 

2 Messages

@user_f2d319​ quite so, all of this, except that when you say Xfinity can only do so much here, they certainly can do more in this and similar cases.

Xfinity does not notify the user of these personal email / two factor authentication changes until after they are done. No email/text saying are you sure you want to do this? No text with the confirmation code saying, you are about to change your personal email, can you confirm? No text or email saying, you are about to turn off two factor authentication, can you confirm this is you? No option/interface for biometric/fingerprint/face id confirmation, for those of us customers who have that technology.

(They do send a confirmation email to the new/fraudulent email address, which defeats the purpose, because that only verifies that whoever's making the change has access to the new email address, not that the user of the new email address is actually the holder of the account). None of that happens before the wrongdoing is finalized. After the wrongdoing, it's just an email that says basically, hey, guess what, this stuff has been changed, contact us if it wasn't you.

By then, the changes have been allowed to take place and the wrongdoer now has complete access to your account through this new email and has turned off two-factor authentication so you aren't even notified of anything else they're doing, and they're off and running with your credentials.

Xfinity certainly could use the same functionality, and more, that they use elsewhere for security of their accounts, to warn its users in the moment, and have their users confirm, that an action is about to be undertaken that, if not being done and confirmed by the true user, is going to lead to the hijacking of that account.

That would give the true account holder immediate notification and the choice to say no, that's not me, and prevent a potentially devastating act, in just a few seconds.

(edited)

New Poster

 • 

6 Messages

10 months ago

Same thing is happening to me now. I tracked the IP. It's from California and they are using firefox browser. I wish there was a way to block that IP. 

Problem Solver

 • 

567 Messages

We'd love to further investigate this issue together. Would you be willing to send us a private message with your full name and address?

 

To send a "Peer to peer" ("Private") message:

Click "Sign in" if necessary

-Click the "Direct Message" icon (square chat icon in the upper right corner of your screen next to the bell icon)

-Click the "New message" (pencil and paper) icon

-Type "Xfinity Support" in the "To:" line and select "Xfinity Support" from the drop-down list that appears, and the "Xfinity Support" graphic will replace the "To:" line

-Type your message in the text area near the bottom of the window

-Press Enter to send it

 

I no longer work for Comcast.

Official Employee

 • 

441 Messages

10 months ago

Hey there, I am very sorry to hear about the experience with your email! We would be happy to look into it with you! Please send us a private message with as much information as possible (pictures are helpful too, if you can), using the below instructions: 

"Search for Xfinity Support" won't work. To send a "Peer to peer" / "Private chat message" message to Xfinity Support:

• Click "Sign In" if necessary

• Click the "Peer to peer chat" icon or https://comca.st/3wjbsKk

• Click the "New message" (pencil and paper) icon

• The "To:" line prompts you to "Type the name of a person". Instead, type "Xfinity Support" there

•  - As you are typing a drop-down list appears. Select "Xfinity Support" from that list

•  - An "Xfinity Support" graphic replaces the "To:" line

• Type your message in the text area near the bottom of the window

• Press Enter to send it

See https://comca.st/2Uwyujs for an example.

 

Visitor

 • 

1 Message

@XfinityAdrienne​ Can you please send me a message.  I'm not able to direct message.

Expert

 • 

30.1K Messages

@user_4b3a5e​ 

You need to start a new thread with your issue, leaving out any personal identifying information.  An Official Employee will contact you afterward.  Please do not send a direct message without first being asked.

Thanks!

I am not a Comcast Employee.
I am a Customer Expert volunteering my time to help other customers here in the Forums.
We ask that you post publicly so people with similar questions may benefit from the conversation.

Was your question answered? Please mark an Accepted Answer!tick

Contributor

 • 

111 Messages

8 months ago

A hacker may have changed it  .  They used a " privately circulated one-time password "  , then added a secondary email address , changed your info , turned off 2FA  , and reset the password .  
I had to turn off 2FA in order to sign in to my email and change my email address & password .

* * *  Here's something interesting  …  I log into this community with the new email address , though I can't have notifications sent to it !    I have to come to this website to check for messages , said that they can't change it , but the hacker was able to ?  Additionally , I would forfeit all of my accomplishments here if I create another account .  
       There's a fellow over at customer service named Tom Karinshak who wants to know how Comcast / Xfinity is doing , has a webpage where you may submit your comments .  I'm going to ask him if he can change my email address for this forum ?  
Here's a link to the hacking article  : 

https://www.techradar.com/news/comcast-xfinity-accounts-are-being-attacked-in-2fa-bypass-attacks 

forum icon

New to the Community?

Start Here