Visitor
•
5 Messages
Just how many had their xfinity e-mail hacked yesterday?
I had my xfinity e-mail hacked twice in the last 24 hours. A hacker was twice able to set up an additional e-mail on my xfinity account using a temporary yopmail account. (Yopmail is a French e-mail provider that lets people set up temporary e-mail addresses without providing any information. It is perfect for hackers to use when stealing Xfinity accounts.) Today I called Xfinity shortly after 9 am (CST) and set a callback with the security department. They said it would be 1.5 to 2 hours. After more than 4 hours I called back and spoke to someone in billing who told me that the callback time for the security department was 4-6 hours. They however did me a favor and got me into a faster queue.
After a few minutes I spoke to someone in the alleged "security" department. She was not helpful. After I explained my situation and asked her to fix it she indicated that she would forward this to a higher department for review and I would receive a callback in 72 hours. When I demanded to have the issue resolved immediately she informed me that she was dealing with dozens of other calls where a hacker had used a yopmail account to steal someone's xfinity e-mail account. She was even unwilling to remove the yopmail e-mail address that had been set up on my xfinity account to change my password. She said that she was not authorized to remove the fraudulent e-mail and that a higher department would have to do that. She said it would be three days before they could respond. She said since I have two step verification that I would be able to see whenever a hacker changed my password and I could just change it back.
So xfinity's response to someone stealing my e-mail account twice in 4 hours, was to tell me to engage in a struggle with the hackers to keep changing my password back every time after they changed it. If you have two step verification you can battle the hackers and hope they give up. If you don't your pretty much toast. One thing is for sure. You are not getting any help from xfinity.
Update: I spoke to a second person in the xfinity security department that told me not to worry about the fraudulent yopmail account on my xfinity account and indicated that this had happened with many xfinity accounts. She indicated that xfinity is still working to find the source of the hack. Apparently this this is a much more widespread issue than is being reported. It does not seem that xfinity e-mail is secure at this time.
buildersboy
Visitor
•
9 Messages
2 years ago
Change passwords on email and account. Then... In app clear cache and storage and reboot phone. Shades of T-Mobile for those who know about that.
(edited)
0
0
Lord_Basil
Contributor
•
30 Messages
2 years ago
Surprise, hijack happened, again. They were able to remove my mobile phone number, turn off two-step verification, and change my password. Oddly enough, even though they changed my personal email, they haven't verified it--weird.
I decided to look at the "new" personal email contents since it's a yopmail account. The latest "Your password recovery options are all set" email was there. So, I decided to verify it. However, the verification emails haven't showed up, yet--weird. Why would the "recovery options" email appear, but not the emails with the codes to verify the new email?
Is there some kind of internal war happening?
2
tempered_glas
Not applicable
•
7 Messages
2 years ago
So disappointed that this continues to happen for so many customers. The only workaround that I’ve found to stop this from happening was to ask Comcast to rename my account and primary email address. So, in order to stop the hack, I had to disable my email and have it bounce back to anyone trying to reach me. Sigh.. how ‘bout Comcast just fixes the problem. There are now articles all over the place reporting on this breach, you’d think they would want to fix this to fix the bad publicity. Sigh.
0
asdlkfj
Visitor
•
2 Messages
2 years ago
Yup, some thing happened to me. It has ben a total of about 4 or 5 times now. I don't know how they can change the contact email though if I have 2 factor turned on. I would like to use just an authenticator app but that doesn't seem to be an option as well.
The one just now was not yopmail, it was something else, but I didn't even screen shot it since I also talked to the security department, which was entirely unhelpful. After the 2nd time I changed passwords on all my recovery emails, and this last time I had to get a new gmail account to get back in, since you can't re-use the recovery emails.
The IP addresses can be looked at under the Recent Sign-In Activity. I lost the first couple IP addresses, but the last two have been in Atlanta, details below. Likely some VPN or something, but still, I hope xfinity is at least looking at the IP's and blocking logons from there.
P Details For: 45.134.140.171
Decimal: 763792555
Hostname: unn-45-134-140-171.datapacket.com
ASN: 212238
ISP: DataCamp Limited
Services: Datacenter
Assignment: Likely Static IP
Country: United States
State/Region: Georgia
City: Atlanta
IP Details For: 66.115.189.143
Decimal: 1114881423
Hostname: 66.115.189.143
ASN: 46562
ISP: Performive LLC
Services: Datacenter
Assignment: Likely Static IP
Country: United States
State/Region: Georgia
City: Atlanta
0
0
Paddymcgrath
Visitor
•
6 Messages
2 years ago
Have they locked this thread? I’ve posted twice
2
0
asdlkfj
Visitor
•
2 Messages
2 years ago
Since my original post (as asdf), I had had my primary xfinity userid account receive an unverified recovery email which is [Edited: "Personal Information"] a few times.
This morning I aded a new random word "viewer" account on xfinity.com, with comcast.net email, and subsequently made that my primary account on xfinity.
I have forwarded all email from my account I have had since 2003 to this new comcast.net email.
For various reasons, changing recovery emails, etc, I now have half a dozen gmail emails I had to create and ended up using and shuffling 3 recovery phone numbers.
I changed the preferred/used login for my original 2003 comcast.net account one of the new "personal" gmail account for logins to xfinity.com
Essentially I am making my original comcast.net email harder to add the [Edited: "Personal Information"] or [Edited: "Personal Information"] recovery email more difficult I hope.
I suspect all sights are now vulnerable to 2FA hacks and the way they exploit this, if I understand it, is using your known emails and known userid's.
Basically, a new userid for every site is now required it seems to be safe. It used to be reusing passwords was the vulnerable thing to do, and now it is reusing usernames / ids.
Unfortunately many sites still require emails for the userid (not just for contact later in the setup). This is not secure to 2FA hacks at all if you are using a known leaked/published/posted email.
(edited)
0
0
Lenox274
New Poster
•
6 Messages
2 years ago
Just checking in, my fake YOPMAIL is still attached to my Xfinity account as it is still "awaiting verification"
Will Xfinity at some point deleted these hacked emails from our accounts? It's been about six weeks.
Really embarrassing to see the original failure to protect our accounts, and then the lazy non-response to even do the obvious clean up to all the affected accounts.
Anyone from Xfinity care to address this?
#comcastyopmailfail
(edited)
3
0
Lkpolo
Problem Solver
•
507 Messages
2 years ago
This post is very frightening. I just checked my email and have no unfamiliar emails on my account. I did get a couple warnings from my Idenity Theft Protection that I pay for on my own. I saw that a VERY old password showed up twice on the dark web. There must have been a bad data leak at Xfinity sometime in November because my ITP sent me two notices since then. I will say that I was hacked several years ago and that is at the point that I got the ITP that I have from my home owners insurance. I don’t mean to throw shade on Xfinity but it is up to each one of us to keep our accounts secure at our own expense and save time, aggravation and stress later. Good luck to you all.
2