Constant Password resets

Please see this thread:

https://forums.xfinity.com/t5/Sign-In-and-Account-Management/Top-Identity-Troubleshooting-Steps-Incubation-Thread/td-p/3366881

I read that thread and none of it applies to me - I'm still getting PW reset requests every other day - this is nonsense! If a hacker is trying to get into my email for god knows why it's probably set up in an algorithm to keep trying to guess PW's daily until it gets locked out, which means this will go on forever. I cannot change my Comcast ID, way, way too many people have it and many online accounts are registered using it. There HAS to be a way to get this to stop - from Comcast's side - like blocking the IP of a computer that is constantly trying to break into a Comcast account.

Rehashing the article part that's relevant to folks:

I'm being repeatedly listed as compromised and I'm prompted to reset my password

There is a possibility that the credentials or your device may in fact be compromised (and re-compromised), there are a variety of root causes associated with similar symptoms. We do highly recommend you have a strong password, enable Two-step verification, update your OS, determine if you've been part of a data breach. There's a great guide here and here by HowToGeek around this for those who aren't as familiar with how to secure your computer, and a very advanced guide on how to remove any viruses/trojans, etc. If you have spyware on your machine or device, whatever you change your password to will be recaptured and used by bad actors.

Two-step verification does secure your account as long as your contact points aren't compromised as well, and does not prompt you every time

@Indigo 

1. Have you tried all of the steps above to verify your account is secure?
2. You don't need to change your username / comcast.net email, it's your password that matters.
3. Have you enabled two-step verification? 

Comcast does takes steps to prevent bad actors, none of which can be disclosed here for obvious reasons. For example, if you have a keylogger on your machine/browser, it won't matter how much security we have on our end, as the vulnerability is on the machine side. 

Both of my Comcast email accounts show

"Oh no — pwned!

Pwned on 4 breached sites and found no pastes (subscribe to search sensitive breaches)"

No surprise since they're over 25 yrs old, and the https://haveibeenpwned.com/ website shows databases containing literally billions of email addy's have been breached just since 2018 - I would bet most Comcast email addies would show up as "pwned" on that website.

Two-step verification is enabled. I use Windows Defender, Windows Firewall, and AVG Free to protect my PC (have used all three for the last 15-20 yrs) and have never been infected with any malware. Just ran a SuperAntiSpyware scan and nothing showed up but some tracking cookies, deleted them but they don't cause problems like this. What now?

Thanks for the info, I spoke with the security team on your case. Could you enroll in multi-factor authentication and come up with a completely unique and strong password for both your Xfinity and your non-comcast email, and ensure two-step veification is turned on with your respective non-comcast email as well?

---

@Indigo wrote:

Both of my Comcast email accounts show

 

"Oh no — pwned!

Pwned on 4 breached sites and found no pastes (subscribe to search sensitive breaches)"

 

No surprise since they're over 25 yrs old, and the https://haveibeenpwned.com/ website shows databases containing literally billions of email addy's have been breached just since 2018 - I would bet most Comcast email addies would show up as "pwned" on that website.

 

Two-step verification is enabled. I use Windows Defender, Windows Firewall, and AVG Free to protect my PC (have used all three for the last 15-20 yrs) and have never been infected with any malware. Just ran a SuperAntiSpyware scan and nothing showed up but some tracking cookies, deleted them but they don't cause problems like this. What now?

---

I don't have a smartphone, so I can't use that app. Would be too cumbersome anyway - my email software polls the Comcast servers every 5 minutes. Something odd happened yesterday, may be related to attempts to break into my main Comcast account, may be a coincidence - I got an email from the online stock broker Robinhood asking me to confirm I had requested to open an account, email was definitely from Robinhood, I ran it through SpamCop to check the source and embedded links, and confirmed it was a valid email - it wasn't a phishing attempt, somebody really did try to open a Robinhood account using my Comcast email addy.  Perhaps whomever was trying to break into my account wanted to intercept that email before I downloaded it? No idea what that would accomplish in the end, unless they intended to try to break into the Robinhood account if I had set one up.

A few more questions @Indigo 

1. Which email software are you using?
2. Do you have any unauthorized or suspicious browser extensions?
3. Do you have old versions of Java running?
4. Are you still running Flash?
5. You mentioned Windows Defender...which operating system are you using? We recommend running Windows 10 to recieve the latest windows updates. Older operating systems such as Windows 7 are beyond any security patch lifecycles and are not supported by Microsoft security updates. 

Our systems are detecting multiple reasons to flag your account as compromised and getting recompromised. It is also worth checking out https://www.identitytheft.gov/  to go through the steps listed in their assistant given the severity of your case. 

---

@Indigo wrote:

I don't have a smartphone, so I can't use that app. Would be too cumbersome anyway - my email software polls the Comcast servers every 5 minutes. Something odd happened yesterday, may be related to attempts to break into my main Comcast account, may be a coincidence - I got an email from the online stock broker Robinhood asking me to confirm I had requested to open an account, email was definitely from Robinhood, I ran it through SpamCop to check the source and embedded links, and confirmed it was a valid email - it wasn't a phishing attempt, somebody really did try to open a Robinhood account using my Comcast email addy.  Perhaps whomever was trying to break into my account wanted to intercept that email before I downloaded it? No idea what that would accomplish in the end, unless they intended to try to break into the Robinhood account if I had set one up.

---

• Which email software are you using?

Winmail.exe - the version that shipped with Vista, works on any Windows PC.

• Do you have any unauthorized or suspicious browser extensions?

No. Very careful with browsers and extensions - don't see how that could be a problem anyway, nobody is trying to access the Xfinity.connect website to get email via my PC, all remote access is blocked.

• Do you have old versions of Java running?

Just checked, had one old version installed, updated to the latest JRE runtime environment and it deleted the out of date version. Again, not sure how that plays a role here.

• Are you still running Flash?

Yes, have to, the SiriusXM web player requires it, and I keep it up to date.

• You mentioned Windows Defender...which operating system are you using? We recommend running Windows 10 to recieve the latest windows updates. Older operating systems such as Windows 7 are beyond any security patch lifecycles and are not supported by Microsoft security updates. 

I'm on Windows 10.

Our systems are detecting multiple reasons to flag your account as compromised and getting recompromised. It is also worth checking out https://www.identitytheft.gov/  to go through the steps listed in their assistant given the severity of your case. 

I was a victim of ID theft in 2015 when a security clearance database stored at the Federal Government Office of Personnel Management was hacked (22M personnel files were stolen containing employee names, home addresses, SS #'s, plus other stuff) - I filed police reports, had my credit frozen, did everything I could to lock down my personal data. I don't believe my Comcast email address was contained in the database, my old government email would have been used if I needed to supply one to obtain the temporary 1-day security clearance I got in 1992. 

I haven't had ID issues for years except for my Amazon CC being stolen several times - my Amazon account is tied to the Comcast email account that is having this problem, but I don't know if stealing my CC # and full name would provide a hacker access to that Comcast email - I've never had a fraudulent transaction on the Amazon website itself.