cancel
Showing results for 
Search instead for 
Did you mean: 

Password reset - different name (Investigating)

aaaanditsgone
Tuning in

Hi,

My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.

Thanks

 

 

[MOD EDIT: Currently under investigation. Multiple threads merged]

331 REPLIES 331

 

I am still unable to access my virgin.net emails and account profile through the Virgin Media portal.  The account has been locked since 15th November. 

The level 2 technical support staff don't seem to be able to see the email address, which is not linked to a current VM account. 

The account (email) login has a DOB and memorable name associated with it, but it seems to be locked as this method doesn't work. 

Since VM are still responsible for data held on their servers what does VM plan to do for customers like myself to get us going again?

Has anyone else had success getting their virgin.net or other historic account unlocked??

 

Just had a message from a friend who knew I'd dumped VM because I believed their email systems had been hacked. Anyway, he contacted me because a colleague with a blueyonder email address had just sent him an extremely suspicious email..... Makes you wonder how many more may be affected but unaware.

This example could be coincidence (people get their accounts hacked via other vectors), but I'm now pretty much 100% convinced Virgin Media's mail system is/was at least partially, if not completely, pwned - and I think they must be fully aware of this but for some inexplicable reason aren't owning up to it, nor even exercising their duty of care by warning customers that an issue may potentially exist. It may also not be resolved after what is now over a week - a week in which private data may have been left wide open for exploitation.

We, of course, can't tell - because VM have been pretty much silent on the issue - other than a wave of cookie-cutter dismissive posts in here. If it was a glitch with an automated system doing "housekeeping" then surely they would have communicated that widely to prevent unnecessary panic and stress. I have an open "IT ticket" from last week for which I have had no updates on whatsoever (if a VM staff member would like to message me on here I'll happily supply it to them). They may have been trying to email me updates, of course, but that would be a bit silly since I have no email access (in fact the email address with them that I've had for over 15 years now no longer appears to even exist - which is fine by me as it can't then be abused). In saying that, when they false flagged and locked my email account a while back they did notify me then via email - sent to the mailbox that was locked (including the the instructions on how to unlock it).

I will be contacting my local Member of Parliament as things develop to petition that the Information Commissioners Office enforce any applicable laws, which may have been broken, to the maximum extent this time. It appears that the softly, softly approach taken over the last breach may have just led to complacency.

Monstro
Joining in

This is dumb - I can't be bothered to ring up support and wait etc.

I've just deleted my email account and gone back to my old ntlworld address

Now to change my email details on my entire online life...

Pathetic support and response by Virgin - a black mark that won't be forgotten if I happen upon a more attractive internet provision offering...

Yeah, the response from VM to this has been extremely poor; looks liek they're just hoping it will fade away now. No update to the complaint I raised, either.

ICO will be the next port of call.

I would just like to point out that IF; and it is a big IF, VM's email systems have indeed been compromised and customers' private information has been taken by a third party, and VM have failed to make this aware to the ICO, then VM are possibly looking at a fine* that would make Elon Musk wince and wonder if he could afford it!

Or maybe not, nothing bad has happened it was just a serious of coincidences and/or a bad update to the email systems - we can absolutely promise that not customer data has been taken. And I'm sure that if this is the case then VM will be making a statement to that effect really shortly, no? 

* and yes, I am fully aware of the reality of the way the regulators and the law works - realistically VM will get a slap on the wrist and made to promise that 'lessons have been learnt'. The lesson, of course is that they can safely carry on happily being completely cavalier with your data - after all what are you going to do about it? Trebles all round for the Directors methinks!

There is no IF about it in my case, my email was 100% accessed by whoever was able to reset the password. When I regained access I found password reset request emails for one website in my trash folder that had been generated a few hours earlier while I did not have access to my email. There would have been other emails too that the attacker must have permanently deleted from the trash folder. I know this because some of the websites they attempted to log into using my email and reset passwords logged the time and IP of their attempts - it was US IP though of course they were almost certainlty using a VPN so could have been anywhere in the world.

If you received the Philip / Roger reset email and have your email address tied to anything important (financial accounts etc) even if there is no obvious evidence of someone having accessed your email I would strongly recommend changing up your details and checking that all of these accounts are still secure. If someone did have access to your email it would not have been hard for them to cover their tracks as they did with me (before getting a bit sloppy at the end and failing to permanently delete a few emails). It is also possible that they searched your emails and found nothing of interest to them so took no action.

I can only speak of my own experience but given what others have posted in this and in many many other threads on this forum this seems to be a significant security breach to which Virgin Media's response has been either incompetent, untransparent or both. If this has affected you I would suggest lodging a complaint with the ico as I have, hopefully if enough people do they will look into this mess: https://ico.org.uk/make-a-complaint/data-protection-complaints/personal-information-complaint/

Tsubodai14
On our wavelength

I take it this is drifting into obscurity then?

The complaint I raised has also disappeared...

VM account security- is it secure?

Attempts to hack emails may be related to other accounts where the email is used, such as dropbox and  facebook for example or any other third party, with the object of taking over accounts by hackers, recent posts indicate this even where victims are no longer VM customers, and the email is not closed off after 90 days.

The other reason may be phishing which can often appear to be "very authentic emails" but want you to click on a link to a fake website or enter your password.

I often get password reset attempts on facebook and once had to recover facebook after it was compromised, it was difficult to prove my identity and I got locked out indefinitely for a while, but facebook often prompts me to change password probably due to hacking attempts, which thankfully are blocked by 2FA protection.

The hackers want access to your accounts for identity theft, fraud, baking scams etc and just want your personal details.

Data breaches can enable hackers to get hold of passwords, so use a different strong password for each account.

As there is no 2FA on VM email/account it may not be as secure as gmail for example and therefore could be hacked with just a guess of a password.

I still have a VM email which is pwned and gets a lot of phishing/scams but there is no way to delete a primary email even if I now log in using a third-party email, so VM enforce me to keep an old ntlworld.com email in my VM account which I stopped using and now use third party emails which have 2FA  security.

I tried to delete this old primary ntlworld.com email in 2019 which was not allowed so I did then use secondary emails, but they kept getting suspicious activity and locked out so in the end I deleted my secondary emails.

As VM are phasing out email services, it perhaps not a priority for them now, and probably wise to use alternative emails rather than chance security.

However, VM should be obligated to assist is an email is compromised and cannot be recovered using normal methods or has not been closed off properly when customers leave and then hacked.

 

 

Had had the same issue, complaint vanished. Write to them, I have, still waiting.

Virgin Media, Sunderland, SR43 4AA

My details were passed to the fraud department (probably like others), yet there has been no response. I don’t really know what to make of that.. they are either loads to go through or it’s been swept under the carpet.