Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Password reset - different name (Investigating)

aaaanditsgone
Tuning in

on ‎14-11-2022 19:07

Hi,

My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.

Thanks

 

 

[MOD EDIT: Currently under investigation. Multiple threads merged]

331 REPLIES 331

jem101
Superstar
In response to emailfried

on ‎18-11-2022 22:44

How strange, a post of mine is edited by the forum moderators to remove a single word consisting of two letters and two asterisks, within a couple of hours of posting it. OK, well fair enough, their forum, their rules no?

Oddly enough they seem to have sufficient resources available to rapidly edit the wording of a post but not so quick to rebut the points made in it! OK, yes of course the people running this forum come under ‘marketing’ and their main job is really to promote a positive image of VM and as a secondary role to provide some kind of customer support to supplement the, shall we say, lacklustre, official customer (dis)service provision, that VM have decided, as a company, to operate! And again, fine, their company, their right to run it as they see fit, no?

Now, of course, some might well want to interpret this action as VM being more concerned about petty matters of forum rules than addressing a genuine concern over the security of their customer’s information. I wouldn’t like to comment on VM’s priorities on this, leaving it up to individual subscribers to make up their minds as to the question of how much do they trust VM to look after their interests or security of their data, and not just a meaningless statement, but how much do they actually spend, what provisions have they made etc.

Bottom line, it is screamingly obvious that ‘something’ has happened to the email accounts of at least a subset of VM customers. Now it would be a good for VM to make a statement along then the lines of ‘xxx has happened, we are aware of it, but we can absolutely guarantee (oh and hint - don’t lie, the entire company WILL be taken apart in the Courts, plus some senior people are really looking at prison terms) that no customer data has been stolen (or exfilated, to give it the proper term)! 

The absence of such a statement, might or might not say something, what that means or doesn’t mean, I’ll leave to the reader to consider!

 

Chromeboy
Tuning in
In response to ModTeam

on ‎19-11-2022 09:45

 

I have called into customer care twice but as this virgin.net email account is not linked to my current virgin media account they could not change its password or reset it.  

I was asked/obliged by Virgin to move my virgin.net email account into the virgin media portal at some stage in the past and I have accessed it through virgin media webmail for many years now.

How is it possible for staff not to be able to access/suuport an account on the virgin media portal? 

I think I will need a specific contact name / email to progress this problem.

0 Kudos

oakleyd
On our wavelength
In response to jem101

on ‎19-11-2022 12:10

I can assure you this was NOT due to a fault. Within minutes of my email being reset I started receiving scam phone calls and other attempts were made to hack other accounts. It was that quick that the first call came as I was resetting my password (the first time).

I will also add, this is the first time EVER that I have received this type of call on the number in question and I have had it for many years. So 'coincidence'? 
You'd have to be as mad as a box of frogs to think so.

 

Mamba
On our wavelength

on ‎19-11-2022 17:57

Just got off phone to VM Customer [Support]. Managed to reset pw, in fact had to 'set up account' again.  I'm an old NTL em user, used for years without problem. After the reset, I quizzed the [overseas call centre] lady on how this [hack] happened.  All I got, repeated over and over, was that it was just "VM ensuring the security of all our customers by getting them to reset passwords to avoid suspicious activity", or similar.  Lots of words and no technical explanation how anyone or anything changed my pw behind my back!  She actually denied there had been any <fault> and it was all fine, no compromise to accounts, security of data for customers.  She clearly became bored with avoiding my questioning and CUT ME OFF!  Outrageous behaviour.  Can I get to cancel her?  We shall see if I get another pw reset tonight!

Needless to say, I am migrating all matters over to a new em provider - what a drag!  Interesting that other virginmedia.com emails we have in the house don't seem to be affected, touch wood!  Does seem maybe to point to an 'old school account' coqup at VM's end. 

tkn
Tuning in
In response to Mamba

on ‎19-11-2022 22:08

I've made a complaint to the ico as emailifried suggested on the last page. Obviously it's bad that these security breaches happen, though perhaps understandable and even forgivable if the company in question at least owns up to the issue and does all it can to fix the security flaw, keep customers in the loop and help them secure their accounts. Virgin Media have done none of these things and are still pretending that this hasn't happened.

A few hypotheses:

I suspect the attackers were mainly after cryptocurrency, at least that was the case with their activity on my email address. Thankfully I have not been affected but it is likely that some people will have had funds stolen and may not even be aware or understand how it has happened.

After the first time someone managed to reset my password, and before I knew this was a widespread problem, I was worried that perhaps my personal details had been leaked so changed the security answer and the birth date linked to the account to completely random answers, and the same thing still happened again. This suggests that the attackers either were able to breach VM security to access this data or more likely had some sort of admin access to resetting passwords that did not require any security details (perhaps that's who Roger and Philip are...).

I have multiple emails with VM and as far as I'm aware only one was affected. This was the email I use most to sign up to the things and it has definitely been involved in several data breaches on different sites over the years (though of course the password and personal details have been reset several times it wasn't too bright of me to have this email tied to anything important, though that's a different story!). So this email was definitely known if that makes sense i.e. if someone was complining a list of leaked VM address it would likely have been on there, whereas all the other addresses are generally used for personal emailing so would not have been known. If the attacker had some sort of admin access all they may have needed was a valid email address to reset the password and access the account.

Please don't take the above as fact - it's just what is consistent with my experience this last week and makes sense to me.

sixfoottwo
On our wavelength

on ‎19-11-2022 22:46

What surprises me is that this story hasn't made the papers.  is there a journalist out there who would be interested in pursuing this story and putting pressure on VM to come clean?  The company should be ashamed of its behaviour to date and come clean on what's happened.

Mamba
On our wavelength
In response to tkn

on ‎19-11-2022 23:01

Thanks @tkn for your post and sharing xp.  Many people appear to be reading this topic even if they can't login, so all we can do to help. I was unable to get in to comment earlier as my em a/c had been locked!  

0 Kudos

Mamba
On our wavelength
In response to sixfoottwo

on ‎19-11-2022 23:10

Agreed. With some [tip of the iceberg?] 40,000 views of this topic it cannot be described as <small>, and without a full explanation to us customers either on this Forum or on the phone [the Customer Centre put the phone down on me - see above], Trust is irreparably damaged.
0 Kudos

ravenstar68
Very Insightful Person
Very Insightful Person
In response to Mamba

on ‎20-11-2022 11:00

I'd be interested in seeing the source of one of the ORIGINAL emails that triggered this thread

Something doesn't sit right with me - If it had come from Virgin Media's systems themselves then why did they all have the wrong name?

Is anyone who's received one able to oblige?

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

ALF28
Super solver
In response to ALF28

‎20-11-2022 11:47 - edited ‎20-11-2022 12:02

Antivirus-password issues

Probably wise to do your own checks with antivirus scans on your devices, just recently one customer may have had the Nymaim virus which is a cryptovirus.

I also agree with the post that hackers may be able to keep a session open, and the facility to close all sessions of email was removed recently when the email was revamped, this need to be available for security.

However, if you have more than one browser open on your computer showing your email it will prompt to close all browsers.

The reason usually that accounts are locked by VM is if they detect any suspicious activity with an account and lock them and then do the password change.

It is not clear in these posts what caused the multiple password changes for the affected users but appears it has been investigated by Virgin.

Top