11-10-2018 14:23 - edited 11-10-2018 14:29
A number of posts on here have asked if a hacked email account can be deleted.
While it might seem sensible to do this, here are some reasons why you shouldn't, IMHO:
A hacked email account is often the first line of attack in breaching other accounts.
Indeed the first some people find out about these hacks is when someone changes a password on another more significant account e.g. Amazon.
Deleting the account means you possibly lose some insight into what other accounts have been attacked, and often means that you will have trouble getting back into those accounts as well, as the companies can no longer send a password reset.
Some email providers allow the recycling of deleted email addresses.
While I don't think this applies to Virgin Media, I would always assume it does to be on the safe side. As long as the email address is active you should be able to take steps to regain control of it.
(Edit: Blueyonder, NTLWorld and Virgin.net addresses can't be recycled as it's not possible to create email addresses using those domains any longer. However I still advise against deleting it unnecessarily).
So what should you do?
Note that in recent months there have been a spate of emails blackmailing users by providing evidence that they know your password.
In the words of the late great Douglas Adams:
Evidence shows that many of these passwords have come from old hacks (indeed some of those contacted reported that they had changed the password years ago).
So it doesn't mean your email itself was the initial point of hack. There have certainly been a large number of well known companies hacked over the years.
Finally though I would take this moment to urge that all users of Blueyonder.co.uk, NTLWorld.com and Virgin.net emails take time to make sure that they are using the LATEST SETTINGS for their email clients. There are IMHO still far too many people using settings that were in place since before 2010. These settings are unsafe as they transmit your email address and password in PLAIN TEXT.
If it works and you're a believer in "If it ain't broke, don't fix it", you should realise that the original design of email wasn't perfect. There are reasons behind this, but if you haven't changed your email settings since you first got it you should consider your email broken.
Note: Virginmedia.com email holders already use the latest settings so those accounts have always been more secure by default as email address and password are encrypted.
I do welcome other people's thoughts on this subject.
Tim
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
on 11-10-2018 14:41
In full agreement and a very well-written piece of advice ...
The number of times I have told people DO NOT use the same password for every account/app … esp. with LastPass or KeePass available for free....!!!
I would ask though that if (as I believe) TLS is more secure than SSL { SSL (Secure Socket Layers) and TLS (Transport Layer Security)} … then VM could help their bit by using TLS??? … ZvnK …
11-10-2018 14:52 - edited 11-10-2018 14:56
Virtually no one uses SSL anymore - the setting is often still called SSL for historical reasons, but most clients recognise it as SSL/TLS, which often defaults to using TLS.
From OpenSSL connecting to imap.virginmedia.com:

    New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
    Server public key is 2048 bit
    Secure Renegotiation IS supported
    Compression: NONE
    Expansion: NONE
    No ALPN negotiated
    SSL-Session:
        Protocol : TLSv1.1
        Cipher : DHE-RSA-AES256-SHA
        Session-ID: 1A02DE70699EB538441043FB6EB9E7E1FE7141BBE316D6EFA844E057A049FB19
        Session-ID-ctx:
        Master-Key: 00B286BB6B4C4B412C29F4C9BD885C57590E3D020C9771C54A7906D22C97B0C42115C8E1D4105E3B53DA293723ECEF85
        Key-Arg : None
        PSK identity: None
        PSK identity hint: None
        SRP username: None
        Start Time: 1539265708
        Timeout : 300 (sec)
        Verify return code: 0 (ok)
    ---
    * OK Virgin Media IMAP4 server ready [ e4c558782VM ].
My gripe here is that they're using TLS1.1; there's no reason IMHO not to use TLS1.2, especially with TLS1.3 having just been finalised.
Tim
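An added example, not part of the original post: a small Python audit of the session summary that `openssl s_client` prints, flagging the TLS 1.1 negotiation the post complains about. The TLS 1.2 and 2048-bit thresholds, the function names and the trimmed sample are assumptions made for this illustration.

```python
import re

# Constructed sample in the layout `openssl s_client` prints; the values are
# the ones quoted in the post above (session secrets omitted).
SAMPLE = """\
New, TLSv1/SSLv3, Cipher is DHE-RSA-AES256-SHA
Server public key is 2048 bit
Secure Renegotiation IS supported
SSL-Session:
    Protocol  : TLSv1.1
    Cipher    : DHE-RSA-AES256-SHA
    Verify return code: 0 (ok)
---
"""

# Oldest to newest; a higher index is a newer protocol.
PROTOCOLS = ["SSLv2", "SSLv3", "TLSv1", "TLSv1.1", "TLSv1.2", "TLSv1.3"]


def parse_session(text):
    """Return the SSL-Session fields plus the server key size as a dict."""
    fields, in_session = {}, False
    for line in text.splitlines():
        if line.strip() == "SSL-Session:":
            in_session = True
        elif in_session and ":" in line:
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
    match = re.search(r"Server public key is (\d+) bit", text)
    if match:
        fields["key_bits"] = int(match.group(1))
    return fields


def audit(text, minimum="TLSv1.2", min_key_bits=2048):
    """List the reasons this session falls short of the chosen baseline."""
    s = parse_session(text)
    findings = []
    proto = s.get("Protocol")
    if proto not in PROTOCOLS or PROTOCOLS.index(proto) < PROTOCOLS.index(minimum):
        findings.append(f"protocol {proto} is below {minimum}")
    if not s.get("Verify return code", "").startswith("0 "):
        findings.append("certificate chain did not verify")
    if s.get("key_bits", 0) < min_key_bits:
        findings.append(f"server key is under {min_key_bits} bits")
    return findings
```

Feeding it the saved output of a real `openssl s_client` run works the same way, since only the `SSL-Session:` block and the key-size line are read.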
on 11-10-2018 15:09
Hi Tim
That (your original post) provides some great advice and information.
The key thing for me is that when you find an email account has been hacked it is usually a symptom of a much larger problem. Deleting the email account does not solve that larger problem and may indeed make it more difficult to identify and resolve.
I am guessing that many people go straight to 150 in these circumstances and do not get the benefit of advice from the Community.
It may be a forlorn hope but in my view when Virgin Media customers ask for an email account to be deleted because it has been hacked, VM staff should give them that advice before deleting the account. At the very least they should strongly advise the customer to check their online accounts with Amazon, eBay, PayPal etc. to ensure they have not been taken over by the hackers.
Coenoby
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media.
11-10-2018 15:10 - edited 11-10-2018 15:12
Thanks for the quick informative reply … another gap filled in my email understanding …
To be honest I have learnt more from studying your replies about email on this forum, than on some courses I attended in my previous life!!! … ZvnK ..
on 11-10-2018 17:32
@Anonymous
Thanks for the compliment.
I use the questions to give me the impetus to research my answers properly. I'm not always perfect mind you, but I don't just regurgitate someone else's answer; I do try and understand it.
SSL is a fun subject in itself as we didn't really get encryption on the net until 1995 with SSL2.0 (Secure Sockets Layer).
https://en.wikipedia.org/wiki/Transport_Layer_Security
This was originally patented by Netscape and by extension by AOL who bought them out. SSL3.0 followed and then after that the code was moved to open source and the next iteration was TLS1.0 - The name change was to avoid any rights issues similar to those that happened with things like the GIF format. Add to that it was sufficiently different from SSL 3.0 but did of course provide a fallback option.
What really confused things for me was things like Microsoft Office.
Their dialogs originally gave encryption choices as SSL or TLS. However whenever they mentioned SSL they were referring to SSL or TLS where the communication is encrypted from the outset and when mentioning TLS they were referring to StartTLS whereby the communication uses the same unencrypted channels as before, but the client sends a StartTLS command to set up encryption.
In fact although few servers use them - it is possible to set up StartTLS encryption for POP3 and IMAP as well. In theory that would free up ports 993 and 995 for other uses, but is probably unlikely to change any time soon.
But this lack of an encryption standard also explains why email was broken as designed. Until encryption techniques entered the public domain, standards like email, http, telnet etc. could not be encrypted. After that companies were notoriously slow to adopt it. TalkTalk only did so last year and PlusNet still doesn't.
Tim
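An added example, not part of the original post: the two modes described above, written with Python's standard `imaplib`, where the client sends no password unless the channel is encrypted. The `login_plan` and `connect` helpers, the mode names and the TLS 1.2 floor are assumptions of this sketch; 993 and 143 are the standard IMAP ports for encrypted-from-the-outset and StartTLS connections.

```python
import imaplib
import ssl


def strict_context():
    """Certificate-verifying context that refuses anything older than TLS 1.2."""
    ctx = ssl.create_default_context()
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    return ctx


def login_plan(mode, capabilities):
    """Decide what must happen before a password may be sent.

    mode: 'implicit' (encrypted from the outset, what many dialogs call SSL)
          or 'starttls' (plain channel upgraded by the StartTLS command).
    capabilities: capability names the server advertised before any upgrade.
    """
    caps = {c.upper() for c in capabilities}
    if mode == "implicit":
        return "login"
    if mode == "starttls":
        # If the upgrade is not on offer, stop: never fall back to plain text.
        return "upgrade-then-login" if "STARTTLS" in caps else "abort"
    raise ValueError(f"unknown mode: {mode}")


def connect(host, mode, ctx=None):
    """Open an IMAP connection that is encrypted before login is possible."""
    ctx = ctx or strict_context()
    if mode == "implicit":
        return imaplib.IMAP4_SSL(host, 993, ssl_context=ctx)
    conn = imaplib.IMAP4(host, 143)
    if login_plan(mode, conn.capabilities) == "abort":
        conn.shutdown()
        raise ConnectionError("server did not offer STARTTLS; not logging in")
    conn.starttls(ssl_context=ctx)
    return conn
```

With this context a server that can only negotiate TLS 1.1 or older fails the handshake instead of receiving credentials.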
on 11-10-2018 18:54