Xfinity mobile and gateway both hacked

How do you handle a data breach?  Scorched Earth Approach: 

The prep:  Download an Ubuntu DVD or Memstick image (boot from usb device) -- ubuntu.com.  Create the boot disk/usb stick.  Boot it with something and make sure it works.  Don't install Ubuntu.  It runs in computer memory and won't touch your hard drive.  If you have backups for your computer gear, great.  If not, you need external media like a USB hard drive large enough to store your data -- that's cheap these days.  Compromised backups are a risk, so just restore docs and photos, not applications, just reinstall those.  Make sure you have an active virus scanner running when you load them back to your wiped gear, even on a Mac.

Yank the power cord on the gateway.  Shut the phone off.  You are going to the phone store.

The hardware IMEI number in the phone is burned, so it can be cloned/crammed (move the service to some other carrier along with the phone number).  Change it out at your carrier's store.  Even if it's not hacked, you don't want it calling 911.  There can be penalties for that when they tire of you. Do this 1st.  Have the carrier just load your contacts.  Explain you think it was hacked, and you don't want previous apps or cloud backups if you were doing that nonsense.  Never use cloud backup.  Do that locally instead. You can re-download apps yourself.  You can recover photos from old cloud backups, but use a web browser from a PC.  Change your phone carrier password with the phone before you leave the store (my Verizon/apple ID....etc).

When you get home, make a list of every login/password you have for later while still offline.  Your web browser(s) have a list if you saved passwords there.  Shut everything off. Roku/Firestick/tablets/cable boxes.....everything.  Don't turn them back on.  You want to prevent other devices infecting your clean ones.

You can factory default your gateway by holding in the WPS button until the lights flash.  Or (more better), buy one that isn't managed by an Xfinity phone app on the least secure device you own, and it won't be a phone problem anymore.  It has to be an 'approved' modem https://www.xfinity.com/support/articles/list-of-approved-cable-modems , shop around for prices. It shouldn't be getting hot anyway -- hacked or not, and you can swap that out at the Xfinity store if there is one by you, or do it by mail:  https://www.xfinity.com/support/articles/returning-your-equipment

Now boot the Ubuntu DVD/USB stick.  Create a drop email account with it.  Gmail/Protonmail, wherever.  Now change your Xfinity.com password, and the recovery email password to your new drop email account.  Change the SSID name your gateway is broadcasting.  Do this with every other account and enable 2-Factor to your new phone on all of them, especially banking information and any online service with credit card information.  Use the recovery email "forgot password" option on web sites to change the password on ALL of them again to make sure that your new drop account works.

One Device at a time:  Factory default streaming devices and reconnect them using the new credentials you just set.  Tablets are tougher, USB cable them to Ubuntu and move data you want to an external hard drive -- or just factory default those too.  Usually the content is somewhere else for a tablet and it's not important.   If you don't have backups for PC's, boot them with Ubuntu, and move your docs/photos to an external drive, then reset Windows.  On a Mac, it's a special case.  You have to install hfsprogs in ubuntu to mount the disk drive and read it. (search online for Mac mount disk).

Remember, we're not trying to reinstall infected apps from cloud backups, or you may just have this problem again.

 Best, is to reformat hard drives and reinstall the operating systems instead of resetting them, but you'll need install media for that and make sure you have a license key for the Windows. 

Nuke it from orbit.  It's the only way to be sure.

Thanks for taking the time to reach out to us regarding your security concerns. I highly recommend reaching out to our experts on our Security Assurance teams. They are going to be able to ensure that your internet and phone services are secure and are the ultimate experts with this kind of experience. You can reach them directly through their website https://internetsecurity.xfinity.com/help/report-abuse or via phone 1-888-565-4329 during the hours of 8:00am - 12:00am EST, 7 days a week.