Skip to main content

  • Home

  • Getting Started

    • Offers

nuclear7's profile
nuclear7
Expressive Exchange
Conversation Starter
1st Reply

Contributor

 • 

19 Messages

Wednesday, December 21st, 2022 10:13 AM

Closed

My Account Was Compromised with 2FA On. How is this Possible?

My password was stolen and I was using 2FA. The culprit was able to change the secondary email without my phone being notified. What's the point of this when it doesn't seem to work. I know I should call customer service right? Well, I did but the all I can get is the foreign help desk that transfers me to security. I signed up for a call back yesterday at 4 PM EST and the wait was 4 hours. By 9 PM EST, I had received no call back so I called again. Once again, I was transferred to security and it started out with a 40 minute hold and continued to go up. When it hit over an hour, I hung up. Comcast has obviously been breached. Thank God, I no longer store any payment information with the company so at least my CC number won't be stolen again. Comcast has a serious problem with 2FA and its terrible, foreign based customer no-service.

Question

 • 

Updated 

2 years ago

285

2

This conversation is no longer open for comments or replies and is no longer visible to community members.

Was this helpful?

whiteknight

Visitor

 • 

5 Messages

2 years ago

0

flatlander3

Problem Solver

 • 

1.5K Messages

2 years ago

We've been talking about that for a while.  My logs show data leak from 10/27/2022 with data being distributed in the wild.  It's a problem.  Broken API or contractor compromise.  https://forums.xfinity.com/conversations/email/just-how-many-had-their-xfinity-email-hacked-yesterday/63a22372ebc755162835f320

Don't use Xfinity for a password recovery mechanism and unlink any other account you have with them, specifically banking information.  Make a drop email account somewhere else if you don't run your own email server.  Gmail, protonmail, wherever/anywhere but Xfinity right now.

1

tempered_glas

Not applicable

 • 

7 Messages

@flatlander3​ yeah, my first hack was around 11/8, I was able to regain access, set a random 64-character password, reenable 2FA, and then it happened again on 12/19 and 12/20.  The only way I’ve been able to stop it is to change the name of my userID/password.  Their security department was not helpful and didn’t know what was going on.

2 years ago

forum icon

New to the Community?

Start Here