Virgin Media Virgin Media Community

aaaanditsgone · ‎14-11-2022

Hi,

My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.

Thanks

[MOD EDIT: Currently under investigation. Multiple threads merged]

Daveb10 · ‎15-11-2022

Hi,

lots of users having issues with strange password resets. Four times since 12/10/2022 for me. password is random hash from a Vault and Security question also random but still I’m getting emails to PHILIP acknowledging them for the change to my account.

Can Virgin (Infosec) give an updated please!

oakleyd · ‎15-11-2022

Its not a bug. I wish it was.
Within minutes of me discovering it on Friday I had scam phone calls and attempts to reset passwords on resources with whom I have had recent correspondence. Some of these calls were pretending to be from less than obvious sources which no one would know I have had any dealings with unless they had full access to my emails.
I have been a software dev. for more than 30 years and Head of a large IT dept that ran a 50k pa internet contract with Virgin, so I would like to think that I know a little. I think I can tell the difference between a security breach and a software glitch. Authentication that allows reset of pwd without 2FA and does not sign out all sessions after a pwd reset is not a BUG, its a massive vulnerability.

loscassidy76 · ‎15-11-2022

reset again around 2:30pm, but not email to roger today

loscassidy76 · ‎15-11-2022

not on pwned list either

podgorny · ‎15-11-2022

I’d really like to know what’s going on. Haven’t been able to access my email for most of today.

Minimitts · ‎15-11-2022

Same here, had to change to another password.. it’s getting boring now

Finnred · ‎15-11-2022

For what it's worth, I had another password reset today. I phoned up the VM help desk and they had to reset my pwd since I could not do so through the on-line app, as I was able previously. Even after doing that I still could not access and they suggested to use Microsoft Edge instead of Chrome as the browser - that worked and I was able to reset my pwd from their default and get into my mail. Using a different browser may be a work around for others also.

Received usual other statements about passing info to their security team but no definitive statement except to give them 24-48 hours to look into the issue and try to resolve.

I am now back using Chrome but still cannot access my account using Outlook (preferred email client). I am hoping that this is *just* an inconvenience and not a serious breach. I have seen no other issues with other types of accounts being accessed but really need some confidence/proof from VM that there is not something lurking that will make itself known soon.

kostast · ‎15-11-2022

I have the exact same issue and my wife that has a subsidiary account cannot access her emails anymore as virgin is down and does not allow people to change their passwords. Is this a malicious hack? Or a technical **bleep** up? I need answers too before I refer virgin to the ICO office for GDPR

kostast · ‎15-11-2022

By the way o get emails to PHILLIP and ROGER. More variety than you my friend…:)

Daveb10 · ‎16-11-2022

I feel a bit left out now !

no sign of a statement from Virginmedia either 🤔

Virgin Media Virgin Media Community

Virgin Media Virgin Media Community

Password reset - different name (Investigating)