cancel
Showing results for 
Search instead for 
Did you mean: 

Email Security Breach

Felixkat
Up to speed

I have owned a ntlworld.com email address from when I originally took my contract out with NTL.  This email address has been retained through the various Virgin Media email server migrations over the years.  This email address is also my account login for Virgin Media.

This email account has very limited use and is only used for Virgin Media itself.  I believe the only other organisations  who have access to this address are Virgin Media 3rd parties, Netflix, YouTube and Sky for my streaming accounts and Yodel for when I have received equipment.

So with this is mind it was very unusual to start receiving SPAM and Phishing messages yesterday.  The majority was asking me to verify a Tinder account, something I have never owned.

One message however was a well known message with the subject "ALARM! I'm hacked you and stolen you information and photo"  This particular message was concerning as they have told me they have hacked my account including my password and actually revealed what my password is.

This leads me to believe there has been a breach somewhere, this breach can only have been from my end or Virgin Media's end.

I own many email addresses across many domains and rarely sign up for any service or supply an email address to more than one organisation.  So I'm am quite confident the breach isn't my end.

The password was changed in the last 12 months and the only reason it was changed was due to a request from VirginMedia staff across WhatsApp in attempt to fix an outstanding issue that I had, which incidentally was never resolved in 18 months!!  This password change was performed in a supposedly secure form.

 

After seeing this messages this morning and that my account had been breached I attempted to login so I could change my password.  Trying to access my online email account showed the following message.

Your Virgin Media Mail account is currently unavailable

This is either because your Virgin Media Mail account is locked, or because you don’t have an active account with us anymore.

Figuring that my account has been locked due to the password breach I attempted to change my password.  This took me to another page with the following message.

Before you verify your identity, we need you to change your sign in email address to one that isn’t from Virgin Media. Otherwise, if we send the code to your Virgin Media email address you might not be able to access it.

This seems like a good idea and something that I'm surprised took so long to implement!!

I supplied an alternative email address and then carried on with my work.  A short while later I accessed the email that Virgin Media sent which was to verify my new email address.

This however didn't work as the link had expired, despite being a short period of time.

The email we sent you to verify your changes has now expired.

You will need to request this change again via the Account details page, a new email will then be sent.

BUT, I cannot request the change again because when I do I'm told,

You've recently requested to change the email address you use to sign in to My Virgin Media. Please check your emails and verify this change before making further account changes.

So essentially I am now in a loop and I am not able to change a password which is out on the internet.

I need to be able to change this password and I need somebody to investigate data breaches.

1 REPLY 1

用心棒
Very Insightful Person
Very Insightful Person

To exit the loop:

  • submit another non-Virgin Media email address
  • immediately submit the previous email address

-- 
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Select Mark as Helpful Answer or 🖒 Kudos to say thanks