Hacked Xfinity account details that can be used to access Xfinity Wi-Fi hotspots, TV, and On Demand are being sold on darknet markets for as little as $5 worth of bitcoin.
The accounts have emerged on several darknet markets over the last few weeks, with AlphaBay – one of the most reputable markets on the dark web – attracting the most vendors.
While several vendors have used this opportunity to post fake listings for quick lucrative deals on some darknet markets, a great deal of them have been shown to be legitimate.
A highly rated vendor on AlphaBay, for instance, is selling access to an Xfinity account for only $5.
The high demand for the hacked accounts has reportedly drawn scores of sellers, who have now had to improvise ways to oust their rivals in the unregulated darknet markets.
Some dealers have even gone the extra mile to ensure their customers are taken care of even after the transaction is finalized.
After the bitcoin payment has been received from the buyer, the details are sent immediately for the account to be tested using a nearby Xfinity Wi-Fi access point.
The buyer is then expected to get back to the dealer to let them know if the details worked.
If they didn’t, the buyer may be given the choice to accept another set of details to try accessing another account with.
That said, most dealers do not offer refunds for accounts that fail to work because of lack of Wi-Fi access points in the buyer’s vicinity.
For the interested buyers, the concealment of darknet markets ensures one can reach dealers in an easy and straightforward manner as long as they are willing to meet the price.
Illegal selling and buying of hacked Xfinity (much like Netflix, Spotify, and payment card) accounts is not a new trade in darknet markets.
In November 2015, more than 590,000 Comcast login credentials were offered for sale on the dark web in what Comcast described as a major breach on its databases.
While the cable TV company was quick on the draw to reclaim the bulk of the accounts in the 2015 incident by advising its users to change their email addresses and passwords, breaches on its databases have evidently remained a continuous threat with thousands of accounts having been offered on darknet markets since.
The recent incident has particularly been highlighted by the increased number of vendors and the amounts the accounts are going for.
On the users’ part, it should be obvious that the lifetime access they are being offered by the vendors may not last to see out its lifespan as Comcast will certainly try to track the hacked accounts, recover them, and patch the vulnerabilities.
Either way, $5 is an amount many users would be willing to part with for a TV and internet subscription, even if only for a few weeks or months.
More to the point, using the credentials of a hacked Xfinity account does not prevent the account owners from accessing the service, cost them more, or disrupt their service.
This will likely play a factor in the amount of time it will take for the hacked accounts to be detected and resolved by Comcast – the sole losers of this incident.
The company has yet to issue an official statement regarding the issue yet, but that could be because they have nothing to communicate to the users that could help prevent the account hacking.
The steps being taken by the company to track the hacked accounts has likewise not been communicated.
As for a preventative solution in the future, a form of two-factor authentication may be one of the only options for services such as Xfinity, Netflix, or Spotify.