Menu
Reply
C0deM0nkey
  • 47
  • 0
  • 10
Dialled in
653 Views
Message 1 of 11
Flag for a moderator

My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?

Yesterday my dad lost access to his Blueyonder email account and the associated Virgin Media account at 9:30 am - his email client reported incorrect username / password and his attempts to login to the Virgin Media website reported similar messages.

He called customer service who checked his router (?) and passed it to another team for investigation.

Since then, his Virgin Mobile account and PayPal accounts have been breached and he has an £800 fraudulent transaction in play on PayPal. He can no longer use his mobile for calls or sms (presumably because this has been breached as well).

What is the quickest way he can lock the intruder out of his email account to prevent further associated service breaches whilst he mops up this mess?

Note I'm well aware of what to do regarding handling this situation except for resetting the password on an email account that he can no longer access. Is there a quicker route than another hour on the phone to customer services (given that his current call order is the bank, Paypal then VM)?

Tags (2)
0 Kudos
Reply
C0deM0nkey
  • 47
  • 0
  • 10
Dialled in
627 Views
Message 2 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?

He's spent the whole morning on the landline dealing with the aftermath of this.

The financial transactions have been reversed thanks to his bank, he's got access back to his email account and is now waiting on a temporary SIM from Virgin Mobile while they reverse the changes made to that account. Apparently the hacker(s) leveraged his email account to gain access to the mobile account, changed the address and then ported the number to Vodafone.

I am disappointed on a number of fronts with Virgin Media's handling of this and have raised some security issues for both Virgin Mobile and Virgin Media with the social media teams. I'll be working with my dad to isolate his Virgin Media email account away from other services and migrate them to another email service with more security (I did this for my own account some years ago).

I'm just hugely relieved that his online banking does not use SMS 2FA otherwise the financial outcome could have been irreversible.

 

0 Kudos
Reply
用心棒
  • 5.94K
  • 667
  • 2.06K
Very Insightful Person
Very Insightful Person
601 Views
Message 3 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?

Good to read of favourable outcome and I hope others will heed the advice of using a more secure email service.

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos
Reply
Anankha
  • 2.15K
  • 163
  • 495
Problem sorter
593 Views
Message 4 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?

Does your Dad reuse passwords on several websites? If so then this is most likely how the hackers got access to his banking details. If not then there may be malware on his PC.
He/you should run Malwarebytes & AdwCleaner.

Glad to hear he’s recovered many of his accounts.

0 Kudos
Reply
C0deM0nkey
  • 47
  • 0
  • 10
Dialled in
585 Views
Message 5 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?


@Anankha wrote:

Does your Dad reuse passwords on several websites? If so then this is most likely how the hackers got access to his banking details. If not then there may be malware on his PC.
He/you should run Malwarebytes & AdwCleaner.

Glad to hear he’s recovered many of his accounts.



Thanks.

No he doesn't reuse passwords - all his passwords (with the exception of the Virgin Media password which is of course restricted by the applied policy) are strong, generated and stored in a secure password manager. 

The hackers didn't gain access to his banking details - all the breaches were done by leveraging the email account access.  His banking requires two factor authentication with a hardware token. A real example of the benefits of 2FA that is not routed via SMS, which I assume is what the attacker was hoping for when they compromised his mobile account (which was also accomplished with a disturbing lack of verification requirements for the port request).

As I said in my original post I'm comfortable with the steps to take after a breach; I've handled far worse in my professional life over a two decade long career in technology services.

I posted here originally because I was trying to establish how best to get the email account recovered quickly to minimise the damage - I had hoped a member of the forum team would have provided guidance better than available in online help: https://www.virginmedia.com/help/virgin-media-account-has-been-hacked - it is somewhat difficult to help at a distance.

Unfortunately the VM guidance simply doesn't work where the compromised email account is the account holder account, because one cannot login to reset the password. This leaves contacting customer services as the only option, but requires them to be sufficiently trained in recognising this type of scenario. If his first call to customer services had been taken seriously based on the issue he reported and investigated instead of time wasted reviewing his router configuration the hacker would not have had so much time to daisy-chain access into other accounts and services.

Ayisha_B
  • 1.36K
  • 49
  • 132
Forum Team
Forum Team
541 Views
Message 6 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of ...

Hi C0deM0nkey,

 

Welcome back to our Community Forums and thank you for your post.

 

I am very sorry to hear this has happened. I can appreciate how concerning this must have been for you and your Dad.

 

Thanks for coming back on the thread and providing further updates.

 

I am glad to hear all has been resolved and the outcome was indeed favourable.

 

Have a great weekend!

Ayisha_B
Forum Team



New around here? To find out more about the Community check out our Getting Started guide


0 Kudos
Reply
Anankha
  • 2.15K
  • 163
  • 495
Problem sorter
520 Views
Message 7 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?

Glad to hear he doesn’t reuse passwords. 
Yes most likely another call to VM is required unless support can help here.

0 Kudos
Reply
用心棒
  • 5.94K
  • 667
  • 2.06K
Very Insightful Person
Very Insightful Person
501 Views
Message 8 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?


@C0deM0nkey wrote:

@Anankha wrote:

Unfortunately the VM guidance simply doesn't work where the compromised email account is the account holder account, because one cannot login to reset the password. This leaves contacting customer services as the only option, but requires them to be sufficiently trained in recognising this type of scenario. If his first call to customer services had been taken seriously based on the issue he reported and investigated instead of time wasted reviewing his router configuration the hacker would not have had so much time to daisy-chain access into other accounts and services.

IMHO it would be good to see acknowledgement of the issue raised by C0deM0nkey being feedback to the call handler / team so better judgement can be exercised in future to resolve what was a time critical situation; were this an internet access issue the troubleshooting process undertaken (on the Hub) would have made sense but it was not.

C0deM0nkey
  • 47
  • 0
  • 10
Dialled in
496 Views
Message 9 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of email?


@用心棒 wrote:

IMHO it would be good to see acknowledgement of the issue raised by C0deM0nkey being feedback to the call handler / team so better judgement can be exercised in future to resolve what was a time critical situation; were this an internet access issue the troubleshooting process undertaken (on the Hub) would have made sense but it was not.


What makes the handling of the original call so much worse is what I found out when I spoke to my dad today..

When he regained access to his email account he found emails in the web mailbox (marked as read - presumably by the hacker) advising him that an appointment for an engineer to visit his home had been arranged by the original call handler. 

  1. She didn't mention this on the call with him
  2. He was informed that what he was reporting would be investigated
  3. He was reporting he couldn't access email or his account - why send him an email?
  4. This would have indicated to the hacker that they could continue to operate with VM being none the wiser.

The call handler told my dad she had only been working for VM for 10 days, so in no way does this reflect poorly on her. It does however raise serious questions about how VM train their call handlers and how they handle customer data and account security as an organisation. It is clear that whatever troubleshooting / investigation was done during the original call was misdirected at best, and a box-ticking exercise at worst.

My dad has now completed 3 separate independent anti-malware scans of his devices using portable scanning agents from reputable vendors. There is no issue with either his device security or the way he manages account credentials. 

He's reviewing all his online accounts, closing any unused ones and changing the passwords on all that remain as we have to assume that every account linked to his VM email address is compromised. Once that is done I will help him move any online shopping accounts to a new email account on a domain I own and manage that offers multi factor authentication and of course 24/7/365 instant support from his son. 

Zak_M
  • 4.36K
  • 257
  • 414
Forum Team
Forum Team
456 Views
Message 10 of 11
Flag for a moderator

Re: My Dad's Virgin Media email and account have been hacked - Quickest way to regain control of ...

Thank you for coming back to us @C0deM0nkey 

 

Once again, we are really sorry to hear that this has happened and we really do apricate the feedback that you have provided regarding this. 

 

I have fed this back to our management team in order for them to review, in the hope that moving forwards we can improve the outcome and the service we provide. 

 

Kind regards,

Zak_M