It seems like they have been hacked. This is quite a few people with the same issue. ROGER was the name I had. I have, thanks to the dodgy security VirginMedia implement, change the password back as my account was still logged in under the old password. I still can't change details like the phone number. This leads me to believe the person who hacked may be able to still view the emails if his session is still active.

This is a pretty big problem and I'm phoning Sky tomorrow to see what they can do for me. This is totally unacceptable.

I'm getting the same thing. I got the email for PHILIP. I've phoned support and they changed my password for me but its been changed again without my consent. I cant even reset my password as the website just hangs once I give my security info.

I'm hoping its just a bug in their system.

From what I've just experienced, the sessions are still active in browser windows. My wife could still access my emails and reply after my account was hacked and, after I changed my password a further couple of times. It has no effect on these sessions until they time out.

Which brings up the question, when changing the password, the person changing the password should have to type the existing one in! Why is there no sign out of all sessions feature? What's going on?

Yes they have been hacked. Virgin phone jockey admitted it to me tonight. I also had the ROGER email.

Why also are support acting like this is an individual problem? Obviously 100s if not 1000s of people are affected. Support hung up on me when I said I was going to say this was a hack publicly on social media.

We need some answers VM. Look at all the posts on this forum. If you have been hacked you need to stop hiding it. How is this going to be fixed and when? 

Hi,

This has happened to me TWICE in 2 days. The latest one was tonight.....

Virginmedia need to get this escalated quickly. The decription of the hack, even down to the recipient of the email also match. Details of the incidents below: 

1. 12/11/2022 02:49
Email received - "Virgin Media – you’ve updated your password (KMM78652337V21337L0KM)"
The email was addressed to 'Hello PHILIP'

2. 14/11/2022 21:05
Email received - "Virgin Media – you’ve updated your password (KMM78821140V59894L0KM)"

This time the email was addressed to 'Hello ROGER'.

On both occasions I've changed my password and changed my security question/answer.  It appears this is no deterrent.

I've submitted an Email Account Hack to https://netreport.virginmedia.com/

Hi,

It looks like quite a few people have seen their email accounts hacked and passwords changed, then changed again. I believe this isn't helped with the sessions on browsers keeping the other person signed in even after they have changed their password.

What might help, if you can access your email, is go to the settings in the upper right (cog), goto security, then set Automatic sign out to 5 minutes. Ensure forwarding isn't set to another email address.

Then, if you can, go to the virginmedia account and change the password and security question. Hopefully, if anyone is manually doing this, they should be signed out before they can change any settings.

I still can't change the phone number on the account which is worrying, but my password has remained the same for the past hour. Hopefully someone is working on this... and will implement 2 factor auth.

I had the same issue now twice - second time was tonight (14/11/2022).

Password was changed, email notification received for unauthorised change was with this ticket reference: KMM78822148V60880L0KM - addressed to "ROGER"

Previous ticket reference received (12/11/2022) for unauthorised change had this ticket reference: KMM78652505V23121L0KM - addressed to "PHILIP"

I raised this with the help team by phone (with Joshua, based in your India office) but seemed like there was no indication of any changes to my account.

Please review and advise asap.

Try setting your automatic sign out to 5 minutes (when viewing your inbox, click the cog for settings, then go to security). This should hopefully sign out an active sessions if the hacker is manually doing this. If he's not, they have a much bigger problem on their hands...