cancel
Showing results for 
Search instead for 
Did you mean: 

Password reset - different name (Investigating)

aaaanditsgone
Tuning in

Hi,

My virgin media account password has been reset by someone else several times since last Friday. Shortly after it happens, I lose access to my email and have to reset the password to regain access. I have also changed the recovery answer to a long random string which didn't help.

Is there some kind of exploit with the password reset system that allows an attacker to bypass the recovery question? The last two password reset emails even show a different name to the one from my account.

Thanks

 

 

[MOD EDIT: Currently under investigation. Multiple threads merged]

331 REPLIES 331


@jem101 wrote:

 

Or maybe not, nothing bad has happened it was just a serious of coincidences and/or a bad update to the email systems - we can absolutely promise that not customer data has been taken. And I'm sure that if this is the case then VM will be making a statement to that effect really shortly, no? 

 


Even if customer data has been compromised (and I'm not suggesting for a moment it has), it's likely that the extent of any potential, hypothetical, data breach will be downplayed.

Anybody else remember this from March 2020? https://www.theregister.com/2020/03/06/virgin_more_leak_details/
[ The link from Turgensec noted in the above article is no longer available directly but can be read here:  https://web.archive.org/web/20200306143009/https://turgensec.com/virgin-media-disclosure-statement/ ]

 




It's What I Do.
I Drink and I
Remember Things.

Only mark a post as helpful if your issue has been resolved.

I've received a letter this morning on this issue, from an "Executive Resolution Specialist", dated 24th November. They write at the request of the "Data Protection Office."

It contains no more information than the C&P responses from the mod team in this thread really; no reference to how/why it occured, whether my data was compromised. Just "It happened, we investigated. Soz".

It also says they've locked my account as a precaution, but that happened a while before the date on the letter.

So, still none the wiser