Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password reset - different name (Investigating)

aaaanditsgone
Tuning in

on ‎14-11-2022 19:07

Hi,

My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.

Thanks

 

 

[MOD EDIT: Currently under investigation. Multiple threads merged]

331 REPLIES 331

Kadrevex
On our wavelength
In response to Rosscrooks

on ‎14-11-2022 23:05

Will definitely do this once I can get access again.

Unfortunately I cant even reset my password as the once I put my security info in the website just hangs.

Rosscrooks
On our wavelength
In response to oakleyd

on ‎14-11-2022 23:06

It was nice of them to send a message out to their customers and inform them. Or, at the very least, lock the accounts so the emails can't be read. I've got details of paypal transactions, records of recovery emails etc. Brutal...
0 Kudos

Rosscrooks
On our wavelength
In response to Kadrevex

on ‎14-11-2022 23:14

I've had to close my browser then re-open it again. Sometimes typing "mail.virginmedia.com" takes me to the right place. It's a mess. I've never really had to deal with the website before much.

 

Btw I also remove any authorised devices and signed in on my phone and set it up using just that phone. Possibly another method to ensure security?

sixfoottwo
On our wavelength
In response to Minimitts

on ‎14-11-2022 23:16

I have received 2 emails from webmail@virginmedia.com, both addressed to the incorrect, but different christian names, telling me my password has been changed.

Can anyone shed any light.  The emails look genuine but I haven't changed my password

0 Kudos

MonkDave666
On our wavelength
In response to Phixion

on ‎14-11-2022 23:20

Oh well there we go then. I had PHILIP hack me on Saturday and JUST had ROGER hack me tonight - what in the absolute hell is going on? Any of you guys on an old ntlworld.com address? I have three other email addresses set up with Virgin, two of them being virginmedia addresses and they've been fine. It's just my oldest main one - which is an absolute nightmare as I have a lot of important stuff coming in on it. 

On Saturday I had to phone and get it changed, today I managed to change it with the answer to my reminder question - which luckily for me this time around was still what I'd set it at - there really needs to be a way of linking another email account so these "you have changed your password" emails also come in to another account you have, otherwise it's impossible to know until you get back in what is happening. NOT COOL VIRGIN.

neegal
Tuning in
In response to Finnred

on ‎14-11-2022 23:20

This might be a hack on the reset password part of the website... 

Why isn't 2FA used to reset passwords?

breacheduser
Tuning in
In response to David_Bn

on ‎14-11-2022 23:21

I've also had my password changed twice now.

1st instance - 12th November 05:12, KMM78653023V29896L0KM, email starting "Hello PHILIP"

I then proceeded to change my password and security question, but still impacted a second time.

2nd instance - 14th November 22:16, KMM78825547V64175L0KM, email starting "Hello ROGER"

This is a serious breach, accounts are being accessed without security question or password.

Rosscrooks
On our wavelength
In response to neegal

on ‎14-11-2022 23:22

It's criminal...

Kadrevex
On our wavelength
In response to MonkDave666

on ‎14-11-2022 23:24

Yup, all of my emails are using the old @ntlworld but only one of them is having this problem.

0 Kudos

Rosscrooks
On our wavelength
In response to sixfoottwo

on ‎14-11-2022 23:25

It's definately from VM. It appears they have been hacked. All my details had been changed in my account. The only way I could log back in is because my browser retained a session from before my password was changed. I changed it back, set my auto logout to 5 mins and changed my security question. Also deauthorised any devices then logged in on my phone and authorised that device.

 

I still can't change my phone number though. 

I would take this seriously.

0 Kudos
Top