Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password reset - different name (Investigating)

aaaanditsgone
Tuning in

on ‎14-11-2022 19:07

Hi,

My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.

Thanks

 

 

[MOD EDIT: Currently under investigation. Multiple threads merged]

331 REPLIES 331

Z499
Tuning in
In response to Graham_A

on ‎15-11-2022 17:56

Thanks for your reply, however.....

"Each ntlworld.com email address along with any other additional email accounts that are added to the primary account now have their own My Virgin Media accounts.  Password changes are made via My Virgin Media entering the email address of the email account concerned and current password."

When I enter the email address and the password for that email address (which has been unchanged for over 15 years), it is not recognised, so I can't go any further, I suspect that someone has hacked the account and changed the password as I am getting an error message on my phone now when it tries to fetch emails to that address.

  "Then go the Update Settings > Account details > Password - edit.  If the current password is not known or not recognised then the Forgotten password link on the sign in page should be used.  This will only work if security questions (now called password recovery question) have previously been set.  If they haven't then you will need to contact VM to get the password reset."

If I click on the Forgotten Password link then an email will be sent to my @ntlworld address that I can no longer access won't it?

Graham_A
Very Insightful Person
Very Insightful Person
In response to Z499

on ‎15-11-2022 18:05

No, the Forgotten password route will take you to a page to input the email address concerned and then will ask you to enter your date of birth and the password recovery answer or possibly some other security questions.  It doesn't send a password reset link to any email address.  If the system does not have the necessary details you should get a message on screen asking you to contact Virgin Media regarding the email account.

________________________________
Graham

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media, I'm a VM customer. There are no guarantees that my advice will work. Please read the FAQs
Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

keithaddy
Tuning in
In response to Z499

on ‎15-11-2022 18:17

this is still happening and i dont think its resolved. i have had 3 password resets in as many days .nothing seems to be happening. i would appreciate some sort of reply from your security team at virgin.

nbaker
Dialled in
In response to Asherd7

on ‎15-11-2022 18:20

Any update on this hack yet????????????????

I have been unable to access my email since yesterday morning and cannot logon to myvirginmedia to change anything myself.

Some statement from Virgin Media would be nice.

0 Kudos

Tsubodai14
On our wavelength
In response to Asherd7

on ‎15-11-2022 18:20

Sorry to quote your message, but I have no other way of posting, it appears.
Just joined to say I'm also affected. When I phoned VM about it they seemingly had no idea it was happening and I got the usual "phishing e-mails can look realistic" responses. Mailbox was unavailable earlier but back now, after another password change. No untoward activity from my e-mail account; I'll go back to read the whole thread, but it looks like a hack, does it?
0 Kudos

maas
Tuning in
In response to Tsubodai14

on ‎15-11-2022 18:28

I think its more of a bug than a hack. Its happened to me 3 times, and 1 of those for well over an hour before I got it changed. Theres no evidence of any unauthorised access, emails from other services about password resets, change of account details, unauthorised orders on other sites and I;ve not really seen anyone claiming on here that they have had any.

I think if there was, virgin would have taken the email access offline.

It feels like an internal bug to me and the software is resetting wrong accounts.

VMUSERALPHA
Tuning in

on ‎15-11-2022 18:29

This 'Roger/Philip reset' has happened to me twice since Saturday 12th November.

One oddity is that the culprit left an unknown (to me) 01902 area number as my Contact Details Phone number.

Also: this 10902 number couldn't be changed from the account settings webpage: I needed intervention from VM.

Happy to take a call from VM re this mystery phone number. Maybe other users have seen the same behaviour?

 

0 Kudos

VMUSERALPHA
Tuning in
In response to maas

on ‎15-11-2022 18:43

That's an encouraging thought (about it being a bug rather than a hack). Maybe there's no culprit and no real harm done after all.

Reminder to Virgin Media.
If there *have* been any downloads of outlook archives or of emails, rather than just some kind of miswire bug, then this 'RogerPhilip' business would be a very serious data breach. You would IIRC have to report it to the ICO within 72 hours.

aaaanditsgone
Tuning in
In response to maas

on ‎15-11-2022 18:48

Yes, 2 mins after the first time it happened. They triggered a password reset for an old microsoft account. Only noticed it after resetting the VM password to regain control. Cleared out the mailbox afterwards but they would have had time to poke around. The IP address that triggered the reset was from USA.

0 Kudos

VMUSERALPHA
Tuning in
In response to Rosscrooks

on ‎15-11-2022 19:04

I saw a strange phone number too. The fake number had a 01902 area code.

0 Kudos
Top