Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password reset - different name (Investigating)

aaaanditsgone
Tuning in

on ‎14-11-2022 19:07

Hi,

My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.

Thanks

 

 

[MOD EDIT: Currently under investigation. Multiple threads merged]

331 REPLIES 331

aaaanditsgone
Tuning in
In response to breacheduser

on ‎17-11-2022 13:20

@breacheduser wrote:
So just had my account access sorted by calling support.
Also their update on the situation is that this isn't a breach/hack but a glitch/bug on their system where passwords and security questions are being changed. They 'assured' me that none of my emails or data has been accessed externally, however there isn't an intention on a public statement at the moment...

Take that claim with a heap of salt. The attacker managed to reset the password for an old Microsoft account shortly after the VM password was reset. They had to enter a verification code to do this, which means they had access to the mailbox.

Wouldn't leave anything in the VM email system at this point. Until they give a proper explanation, we need to assume that it's compromised.

Rosscrooks
On our wavelength
In response to Kadrevex

on ‎17-11-2022 13:29

I've just spent the past 2 days chanting about 20+ accounts, from PayPal to my Bankofscotland account, to a Proton Mail account.

 

Still no information (my post was apparently deleted) regarding sessions not invalidated when the password is changed. A couple more days and I'm out of here.

Z499
Tuning in
In response to oakleyd

on ‎17-11-2022 13:50

On Monday I got an email reporting that a change of password was being attempted on a non-Virgin Media web site which uses email address as part of the log in; so that suggests that this problem is more than just an internal VM issue

0 Kudos

hotmud
Up to speed
In response to Z499

on ‎17-11-2022 14:19

Getting the run around asking for info on their Phone lines. Spoke to a 2nd tier guy who did tell me that there has been an ongoing hack of emails since about a month. It wasn't clear if this was the same issue as experienced here as he was unaware of it, but it doesn't bode well. He also flipped a bit latter saying that there is no issue with emails.

He couldn't even access these community pages so I could prove it to him. Whatever is going on the info is not being disseminated within VM to customer-facing staff.

They also seem to be in denial that pw can be changed without permission, yet that's what's happening.

On another call 1st tier said there was a 'security issue' with emails. Again not clear what that means or if she was reading previous notes from my account. Getting annoyed now.

 

 

oakleyd
On our wavelength
In response to hotmud

on ‎17-11-2022 15:12

Well I called again today and my first question to the girl was “is there any update on the email hack yet” and she did not challenge that question but looked at my account, put me on hold and then came back and said “IT are aware and they are investigating” and she apologised and reset my pwd with me (again). Draw whatever conclusions you may from that?

sixfoottwo
On our wavelength

on ‎17-11-2022 17:13

Rang up.  Password reset.  New updated router on the way.  Also offered free Netflex, although doubt we'll watch anything.  How long before it happens again.  VM really need to inform us of what's going on.

 

0 Kudos

nbaker
Dialled in
In response to oakleyd

on ‎17-11-2022 17:17

Well, last night I finally managed to log on to myvirginmedia and changed my password and briefly had access to my email account but today my password has been changed again!!!!!

Could @virginmedia please update us as this is really beyond a joke, this has been going on now since Sunday evening and were still none the wiser?

One good thing though as I cannot access my Virgin media account I cannot pay my bill, what a shame....

 

0 Kudos

oakleyd
On our wavelength
In response to nbaker

on ‎17-11-2022 17:28

I first noticed it on Friday 11th Nov. Which is also when I first started getting scammers phoning and trying to change pwd on other accounts.

0 Kudos

ALF28
Super solver
In response to nbaker

‎17-11-2022 17:46 - edited ‎17-11-2022 18:03

The mod team have advised customers to change password/security question following these incidents, but still "no comment on the cause", if it compromised or software problems.?

People do need to know if the VM email is actually secure now?, and why so many customer received pasword change emails for Roger or Phillip, do they work for VM or is this some type of hacking.

My ntlworld.com email was secure but I have changed  my credentials anyway and have not had the roger/phillip emails so this issue may not affect all customers.

The posts seem to indicate that this could be phishing  and attempts to get hold of passwords that could then give access to the email by others for the possible purposes of hacking related account that use the virgin email.

The virgin email is vulnerable as it has no 2 factor authentication, which makes it easier for hackers who obtain passwords.

I would, if it was possible, close my primary ntlworld.com email as I already log in to VM using a third party email, but only secondary accounts can be closed, not a primary email.

I presume the incidents of the unusual  password change emails is under investigation, I actually closed my secondary emails as they kept getting locked by VM some time ago and wish I could close my last remaining old VM primary ntlworld.com email which I no longer use now and it is not used in my VM account but still attached and gets spam/scam emails all the time.

I have moved over to using outlook.com. gmail.com and yahoo.com and also protonmail, all of which seem a good alternative.

 

 

 

 

DavidJester
Tuning in
In response to Rosscrooks

on ‎17-11-2022 19:00

So, what was that? [REMOVED]? And you have a Paypal and a Bank of Scotland account you say?

Friendly piece of advice, maybe don't say this much on an open channel. If you had hacked in, wouldn't you also be watching this board...?

[MOD EDIT: Personal and private information has been removed from this post. Please do not post personal or private information in your public posts. Please review the Forum Guidelines]

0 Kudos
Top