Superfast
Registered: 04-06-2015

Account breached... what steps do Virgin Media take?

Following on from this post: http://community.virginmedia.com/t5/Security-matters/TLS-SSL/td-p/3357765, I'm curious what steps Virgin Media take when they suspect an account has been breached.

In that particular thread, it appears VM have advised the customer to use TLS in a letter around 2 weeks post-breach. Unless @7WalnutClose has skipped over the rest of the letter, this sounds like a ludicrous response.

Surely, it'd be prudent to either lock the account (such that no further spam can be sent) or force a password reset and then advise the customer to use a secure protocol in future?

With that in mind, can someone at VM explain the process of alerting customers of a potential breach please?

WRT: security/TLS...

I'm all for promoting the use of TLS, however much of VM's infrastructure is woefully configured... and in many cases, completely & utterly insecure.

For example, the TLS certificates on virgin.net, blueyonder.co.uk & ntlworld.com are all invalid (expired, wrong common name, SHA1 signed, weak cipher suites et al). Quite how your admins have missed a cert which expired in 2015, I'll never know.

Another example: https://mobile.virginmedia.com (https://www.ssllabs.com/ssltest/analyze.html?d=mobile.virginmedia.com&hideResults=on) ... it's vulnerable to LuckyNegative20/FreezerBurn and as such, is insecure... and yet you process personal data, payments & orders via that endpoint. Again, this has been the case since May 2016 and with a CVSS BS of 5.9, it's something which should have been patched almost immediately. None of the email service endpoints are HIPAA/NIST compliant either, for various reasons (typically a lack of stapling/protocol support).

Thanks.

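The certificate and cipher-suite problems the post lists (expired certificate, wrong common name, SHA1 signature, weak cipher suites, no OCSP stapling) are the kind of thing a small offline audit can flag before a customer does. The following is an added example and not code from the post or from Virgin Media: the certificate records are constructed sample data shaped like the dict that Python's `ssl.SSLSocket.getpeercert()` returns from a verified connection, the hostnames under `example.net` are placeholders, and the signature algorithm and stapling status are passed in separately because `getpeercert()` does not expose them. The `hardened_context()` function shows the client-side counterpart: a context that refuses the weak protocol versions and suites the checker complains about.

```python
"""Offline audit of the TLS findings named in the post.

Added example, not part of the original post. Certificate dicts below are
constructed sample data mirroring ssl.SSLSocket.getpeercert() output; the
example.net hostnames are placeholders.
"""
import ssl

# Substrings that mark a cipher suite as weak by today's standards
# (RC4, single/triple DES, NULL/export suites, MD5 MACs, anonymous DH).
WEAK_CIPHER_MARKERS = ("RC4", "3DES", "DES-CBC", "NULL", "EXP", "MD5", "ADH", "AECDH")

# Signature algorithms that should not appear on a live certificate.
WEAK_SIG_MARKERS = ("sha1", "md5", "md2")


def cipher_is_weak(name):
    """True if the OpenSSL-style suite name contains a weak primitive."""
    upper = name.upper()
    return any(marker in upper for marker in WEAK_CIPHER_MARKERS)


def cert_names(cert):
    """Names a certificate is valid for: DNS SANs, else the subject CN."""
    names = [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]
    if not names:  # CN is only a fallback when no SAN is present
        for rdn in cert.get("subject", ()):
            for (key, value) in rdn:
                if key == "commonName":
                    names.append(value)
    return names


def host_matches(host, cert):
    """Hostname match; a wildcard covers exactly one leftmost label."""
    host = host.lower()
    for name in cert_names(cert):
        name = name.lower()
        if name.startswith("*."):
            if host.count(".") == name.count(".") and host.endswith(name[1:]):
                return True
        elif name == host:
            return True
    return False


def audit_endpoint(host, cert, sig_alg, cipher, ocsp_stapled, now):
    """Return a list of findings for one endpoint; empty means clean.

    `now` is epoch seconds so the audit is reproducible; sig_alg and
    ocsp_stapled are supplied by the caller (assumption: obtained from a
    full handshake capture, since getpeercert() does not report them).
    """
    findings = []
    if ssl.cert_time_to_seconds(cert["notAfter"]) < now:
        findings.append("certificate expired on " + cert["notAfter"])
    if not host_matches(host, cert):
        findings.append("certificate names %s do not match host %s"
                        % (", ".join(cert_names(cert)), host))
    if any(marker in sig_alg.lower() for marker in WEAK_SIG_MARKERS):
        findings.append("weak signature algorithm " + sig_alg)
    if cipher_is_weak(cipher):
        findings.append("weak cipher suite negotiated: " + cipher)
    if not ocsp_stapled:
        findings.append("no OCSP stapling")
    return findings


def hardened_context():
    """Client context that refuses old protocols and weak suites."""
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.set_ciphers("ECDHE+AESGCM:ECDHE+CHACHA20")  # forward secrecy, AEAD only
    ctx.load_default_certs()
    return ctx


# Constructed sample records (not real certificates).
EXPIRED_CERT = {
    "subject": ((("commonName", "mail.example.net"),),),
    "subjectAltName": (("DNS", "mail.example.net"),),
    "notAfter": "Mar 14 12:00:00 2015 GMT",
}
GOOD_CERT = {
    "subject": ((("commonName", "*.example.net"),),),
    "subjectAltName": (("DNS", "*.example.net"), ("DNS", "example.net")),
    "notAfter": "Jan 01 00:00:00 2099 GMT",
}
AUDIT_TIME = ssl.cert_time_to_seconds("Jan 01 00:00:00 2017 GMT")  # roughly when the post was written


if __name__ == "__main__":
    for host, cert, sig, suite, stapled in (
        ("webmail.example.net", EXPIRED_CERT, "sha1WithRSAEncryption", "DES-CBC3-SHA", False),
        ("www.example.net", GOOD_CERT, "sha256WithRSAEncryption", "ECDHE-RSA-AES128-GCM-SHA256", True),
    ):
        print(host, audit_endpoint(host, cert, sig, suite, stapled, AUDIT_TIME) or ["clean"])
    print("hardened suites:", [c["name"] for c in hardened_context().get_ciphers()])
```

Running the script lists five findings for the first constructed endpoint and none for the second. Note that an expired or mismatched certificate makes `ssl.create_default_context()` abort the handshake before `getpeercert()` can return anything, which is exactly why such hosts are best audited with a dedicated scanner (as the post does with SSL Labs) rather than with a client library that correctly refuses to talk to them.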