Community FAQ
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 

Reason's you probably shouldn't delete a hacked email account.

ravenstar68
Very Insightful Person
Very Insightful Person

‎11-10-2018 14:23 - edited ‎11-10-2018 14:29

A number of posts on here have asked if a hacked email account can be deleted.

While it might seem sensible to do this here's some reasons why you shouldn't IMHO

A hacked email account is often the first line of attack in breaching other accounts.
Indeed the first some people find out about these hacks is when someone changes a password on another more significant account e.g. Amazon.


Deleting the account means you possibly lose some insights on to what other accounts have been attacked, and often means that you will have trouble getting back into those accounts as well as the companies can no longer send a password reset.

Some email providers allow the recycling of deleted email addresses.

While I don't think this applies to Virgin Media, I would always assume it does to be on the safe side.  As long as the email address is active you should be able to take steps to regain control of it.

(Edit: Blueyonder, NTLWorld and Virgin.net addresses can't be recycled as it's not possible to create email addresses using those domains any longer.  However I still advise against deleting it unnecessarily).

So what should you do?

  1. Deny the hacker continued access to the email address - change your password and/or your security questions.
  2. Access webmail and check for any unexplained filter rules that the hacker may have put in to hide their activity, e.g. redirecting or deleting emails from certain companies.
  3. If you're one of the 59% of users who use the same password everywhere then it's time to change.  Every account that uses the same password as your email account is to be considered breached regardless of whether they have been.  Consider using a password manager such as LastPass or Dashlane and setting random passwords on every account.
  4. Where accounts support it turn on two factor authentication (2FA).  I cannot stress this enough.  While it can add extra hassle to logging in, it does provide an extra layer of security often tied directly to a specific device.

Note that in recent months there have been a spate of emails blackmailing users by providing evidence that they know your password.

In the words of the late great Douglas Adams:

don_t_panic__by_abelmvada-d9ygpjj

 

Evidence shows that many of these passwords have come from old hacks (indeed some of those contacted reported that they had changed the password years ago).

https://www.actionfraud.police.uk/alert/alert-cyber-criminals-send-victims-their-own-passwords-in-ne...

So it doesn't mean your email itself was the initial point of hack.  There have certainly been a large number of well known companies hacked over the years.

Finally though I would take this moment to urge that all users of Blueyonder.co.uk, NTLWorld.com and Virgin.net emails take time to make sure that they are using the LATEST SETTINGS for your email clients.  There are IMHO still far to many people using settings that were in place since before 2010.  These settings are unsafe as they transmit your email address and password in PLAIN TEXT

If it works and you're a believer in "If it aint broke, dont fix it." You should realise that the original design of email wasn't perfect.  There are reasons behind this, but if you haven't changed your email settings since you first got it you should consider your email broken.

Note: Virginmedia.com email holders already use the latest settings so those accounts have always been more secure by default as email address and password are encrypted.

I do welcome other people's thoughts on this subject.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

6 REPLIES 6

Anonymous
Not applicable

on ‎11-10-2018 14:41

In full agreement and a very well-written piece of advice ...

The number of times I have told people DO NOT use the same password for every account/app … esp. with Last Pass or KeePass available for free....!!!

I would ask though that if (as I believe) TLS is more secure than SSL { SSL (Secure Socket Layers) and TLS (Transport Layer Security)} … then VM could help their bit by using TLS???   … ZvnK …

ravenstar68
Very Insightful Person
Very Insightful Person
In response to Anonymous

‎11-10-2018 14:52 - edited ‎11-10-2018 14:56

Virtually no one uses SSL anymore - the setting is often still called SSL for historical reasons, but most clients recognise it as SSL/TLS which often defaults to using TLS

From OpenSSL connecting to imap.virginmedia.com

New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
Compression: NONE
Expansion: NONE
No ALPN negotiated
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DHE-RSA-AES256-SHA
    Session-ID: 1A02DE70699EB538441043FB6EB9E7E1FE7141BBE316D6EFA844E057A049FB19
    Session-ID-ctx:
    Master-Key: 00B286BB6B4C4B412C29F4C9BD885C57590E3D020C9771C54A7906D22C97B0C42115C8E1D4105E3B53DA293723ECEF85
    Key-Arg   : None
    PSK identity: None
    PSK identity hint: None
    SRP username: None
    Start Time: 1539265708
    Timeout   : 300 (sec)
    Verify return code: 0 (ok)
---
* OK Virgin Media IMAP4 server ready [ e4c558782VM ].

My gripe here is that they're using TLS1.1 there's no reason IMHO not to use TLS1.2 especially with TLS1.3 having just been finalised.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos

coenoby
Very Insightful Person
Very Insightful Person

on ‎11-10-2018 15:09

Hi Tim

That (your original post) provides some great advice and information.

The key thing for me is that when you find an email account has been hacked it is usually a symptom of a much larger problem. Deleting the email account does not solve that larger problem and may indeed make it more difficult to identify and resolve.

 

I am guessing that many people go straight to 150 in these circumstances and do not get the benefit of advice from the Community.

It may be a forlorn hope but in my view when Virgin Media customers ask for an email account to be deleted because it has been hacked, VM staff should give them that advice before deleting the account. At the very least they should strongly advise the customer to check their online accounts with Amazon, Ebay, Paypal etc to ensure they have not been taken over by the hackers.

Coenoby

 

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Anonymous
Not applicable
In response to ravenstar68

‎11-10-2018 15:10 - edited ‎11-10-2018 15:12

Thanks for the quick informative reply … another gap filled in my email understanding … 

To be honest I have learnt more from  studying your replies about email on this forum, than on some courses I attended in my previous life!!!   … ZvnK ..

ravenstar68
Very Insightful Person
Very Insightful Person
In response to Anonymous

on ‎11-10-2018 17:32

@Anonymous

Thanks for the compliment.

I use the questions to give me the impetus to research my answers properly.  I'm not always perfect mind you, but I don't just regurgitate someone elses answer I do try an understand it.

SSL is a fun subject in itself as we didn't really get encryption on the net til 1995 with SSL2.0 (Secure Sockets Layer)

https://en.wikipedia.org/wiki/Transport_Layer_Security

This was originally patented by Netscape and by extension by AOL who bought them out.  SSL3.0 followed and then after that the code was moved to open source and the next iteration was TLS1.0 - The name change was to avoid any rights issues similar to those that happened with things like the GIF format.  Add to that it was sufficiently different from SSL 3.0 but did of course provide a fallback option.

What really confused things for me was things like Microsoft Office.

Their dialogs originally gave encryption choices as SSL or TLS.  However whenever they mentioned SSL they were referring to SSL or TLS where the communication is encrypted from the outset and when mentioning  TLS they were referring to StartTLS whereby the communication uses the same unencrypted channels as before, but the client sends a StartTLS command to set up encryption.

In fact although few servers use them - it is possible to set up StartTLS encryption for POP3 and IMAP as well.  In theory that would free up ports 993 and 995 for other uses, but is probably unlikely to change any time soon.

But this lack of encryption standard also explains why email was broken as designed.  Until encryption techniques entered the public domain, standards like email http, telnet etc could not be encrypted.  After that companies were notoriously slow to adopt it.  TalkTalk only did so last year and PlusNet still doesn't.

Tim

I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

0 Kudos

HowardML
Superuser Emeritus
Superuser Emeritus
In response to ravenstar68

on ‎11-10-2018 18:54

Of course @ravenstar68 has it right, but one further thing to remember is that if your are a VM broadband customer and the address that has been compromised is your primary e-mail address it CANNOT be deleted. It needs to be secured by a change of password and security questions so the misfortune does not happen again.


I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more

Have I helped? Click Mark as Helpful Answer or use Kudos to say thanks

Top