Showing results for 
Search instead for 
Did you mean: 

Password reset - different name (Investigating)

Tuning in


My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.




[MOD EDIT: Currently under investigation. Multiple threads merged]

331 REPLIES 331

Might be a looooooong wait, me thinks!

On our wavelength

The password is being changed (or more correctly using the language in the email "updated"). I've examined the full email headers are the emails are 100% genuine and originating from Virgin Media's mail servers.

Good question.

Where is VM tech support?????

Does it exist?

Appears this is actually a worrying security issue that needs sorting ASAP

A number of threads on this topic have been merged under “Password reset - different name (Investigating)”

Well folks, im just getting back to this...

i can confirm it was Roger also... it seems he has been a busy boy!

the fact its more than 1 user (ie me), means there seems to be a bigger issue. It would be nice for someone from VM to give use some feedback on this. As it currently stands my email account is still working since i changed the password. 

hopefully we all get some answers soon

Tuning in

I see this had been getting some traction since my first post. Yes, mine was ROGER too.

I spent an hour and half on with Virgin Media Techincal Support last night. My password was changed twice in a day. I had some difficulty with the first of the three departments I spoke to. He believed that by just changing the password again that he had solved the problem. I have over 20 years of experience in IT and was not convinced. It took around 6-7 tried repeatedly asking to be transfer to 2nd line support as I knew that a simple password change would not resolve the issue. Eventually I was transfer to Gadget Rescue (please don't bother), pleasant enough but do not have the level of knowledge required.
Eventually I was passed to the Multi-Secure team (I may have got the name of that lost in translation). Rachel was very keen and did phone me back when she said she would today.

So. Let me tell you how to solve the problem before I comment further.

Go into My.VirginMedia.Com and if you're locked out, you can either answer the DOB and Security question to gain control back (goto to Update Settings and Account Details), or ring Tech Support and ask them to change your password.
Once you have control back, go into your Account Details and change your Secure Word and Secure Questions. That should (at least for now for me) solve the issue.

I originally thought this might be some kind of cross link database issue at first especially with the ongoing email outages in my area, but the sheer number of other issues that are the same here, it is a clearly a security problem.
1st line, Gadget Rescue and Mult-Secure DO NOT have access to the Virgin Media Community board, or at least they haven't been told. Considering the sheer number of complaints on this issue this is counterproductive, do something about it.

That's it. Good luck and if you need any help, I'm here.

Thanks for the advice, I’ve updated my security question

Many thanks for the update!

I changed the security question this morning after the password was changed again overnight.

Fingers crossed.

On our wavelength

Mine were to Philip and Roger too.  Reset successfully both times, but VM's silence on this is deafening.

I think the fact that the passwords were changed in the first place would suggest inside knowledge or access to the database. The sessions still being valid after a password reset is extremely worrying. I seriously considering moving to another provider. It's an appalling lack of security on VM's part. Hopefully we'll hear back something soon.