
Looks like ISP email security has been compromised?

Andrew-G
Alessandro Volta

There's a steady stream of people reporting hacked Blueyonder and NTL email accounts - 162 threads in the past month that include the word "hacked".  Given the pretty low numbers of users still using BY and NTL emails, that's pretty worrying. 

At any point in time there will always be some users having their accounts compromised, that's usually not the ISP's fault.  But to have so many reports cropping up looks like something bad has happened - either brute force attacks are working due to inadequate security measures by VM's email service provider, or password tables have been leaked because the email provider themselves have been compromised.

Would somebody from VM like to issue a vague denial, some corporate claptrap about "taking your data security seriously", so that we can put the issue to bed, and everybody who's been hacked can feel guilty that it's their fault? 

36 REPLIES

jpeg1
Alessandro Volta

I asked this before and was met with a deafening silence. There does seem to be a systemic problem somewhere.

A common element is that hacking the email gives access to the Facebook account. Not being a subscriber to FB I don't see why it should be so. Is it just that people are unwise enough to use the same password for both?

If VM can't heal this running sore, perhaps it's time to bring forward the date for turning off their life support for email. 

- jpeg1
My name is NOT Alessandro. That's just a tag Virginmedia sticks on some contributors. Please ignore it.

ModTeam
Moderator

Hi Andrew-G,

Thanks so much for your post and alerting us regarding the latest trending topics within our Community Forums.

We are aware of this increase in both usage of the term, as well as where actual compromises may have taken place. Rest assured, we will always endeavour to take our customers' data and privacy seriously and therefore have already made the necessary enquiries with our Internet Securities teams.
We would never advise being hacked as a customer "fault"; if that has occurred at any point then we wholeheartedly apologise. We have robust tools, online scanners like F-Secure and ESET as well as other processes and helpful guidelines in place here to support any of our customers who believe they may have been hacked.  Our Security Hub can be found here: also.

Of course, by all means, please continue to notify us via the forums, where a forum team member can take your details and send them to IT on your behalf to have them deleted as the majority have requested.

Cheers,
The ModTeam

goslow
Alessandro Volta

@jpeg1 wrote:

I asked this before and was met with a deafening silence. There does seem to be a systemic problem somewhere.

A common element is that hacking the email gives access to the Facebook account. Not being a subscriber to FB I don't see why it should be so. Is it just that people are unwise enough to use the same password for both?

If VM can't heal this running sore, perhaps it's time to bring forward the date for turning off their life support for email. 


Suspect that many of these cases are from customers who have thought the account was deleted but, in fact, the account has remained fully functional. For customers reusing passwords across different services, user data appearing on leaked lists would allow an easy way in and then access to other services via the email account.

When I left VM last year, I took steps to ensure the old email accounts were deleted (requiring additional follow up from me to get the last one deleted, despite being told it was being done). During the process, the accounts entered a 'twilight' condition where I lost access via the web interface and email client but the accounts still responded to curl command tests that they still existed returning - Account is Locked, change to new password is needed (VM303). I wonder if the hacking community has found some way to remotely unlock these dormant/locked accounts.

I think I have also read on some of these topics that the customer claimed a unique and secure password was in use on the account, which is interesting.

Beyond my tech skills to come to any conclusions but certainly raises big data protection questions about how VM is handling customer data once the customer has left.

jpeg1
Alessandro Volta

Yes. Under GDPR, Virgin should not be keeping accounts containing personal data for people who are not customers.

- jpeg1
My name is NOT Alessandro. That's just a tag Virginmedia sticks on some contributors. Please ignore it.

goslow
Alessandro Volta

@jpeg1 wrote:

Yes. Under GDPR, Virgin should not be keeping accounts containing personal data for people who are not customers.


And, IMO, I think the same argument also applies to customers who have continued to use a working VM email account long after they have left VM. The fact that VM has not deleted the account, as per VM's own stated criteria, also puts the former customers' data at risk by allowing them to carry on using an unsupported account.

I have noticed the increase in messages about being hacked.  I myself was a victim of this recently.  I still use my Blueyonder email account, and I am a VM customer.  So it would seem that this trend is not limited to old or unused accounts.  I was surprised at how easy it was to change my password with no request for any other authentication to prove that it was me.  This changed my password not just for my emails, but all my VM accounts.  Without any MFA this seems like a loophole that hackers could exploit, and I am surprised VM do not have more robust security for my account.

jpeg1
Alessandro Volta

@goslow wrote:

@jpeg1 wrote:

Yes. Under GDPR, Virgin should not be keeping accounts containing personal data for people who are not customers.


And, IMO, I think the same argument also applies to customers who have continued to use a working VM email account long after they have left VM. The fact that VM has not deleted the account, as per VM's own stated criteria, also puts the former customers' data at risk by allowing them to carry on using an unsupported account.


Absolutely. By accounts I was including any type of record. As far as GDPR is concerned it is just data on individuals who are no longer customers, and whose data should have been deleted.

- jpeg1
My name is NOT Alessandro. That's just a tag Virginmedia sticks on some contributors. Please ignore it.

jpeg1
Alessandro Volta

There are still reports coming in of ntl email accounts being hacked, with serious consequences for users.

I'm preparing a report to go to Action Fraud and the Information Commissioner's Office, and will be including a link to this thread. 

Is anyone here not happy with this? 

 

- jpeg1
My name is NOT Alessandro. That's just a tag Virginmedia sticks on some contributors. Please ignore it.

The steady stream of compromised email accounts is beyond coincidence.

Where email clients are involved, there are continuing reports of existing credentials suddenly being rejected.

One might conclude a password script had been applied to the email servers opening the door to the current situation.