Menu
Reply
KStone
  • 2
  • 0
  • 0
Joining in
1,495 Views
Message 1 of 16
Flag for a moderator

Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decide To Log OUT

I have found a flaw in Virgins Security System Account. Unfortunately, Virgin Cannot Help so I wanted everyone to know because if true, I believe they need to upgrade their systems. Furthermore, if true this puts every customer at risk.

Problem: My Virgin Account was hacked so I logged into my account removed the Auto Forward  & Rules setup by hacker. I then Changed the Security Questions & Changed Password. I also Quit All Sessions. I signed back in with new password and thought all was OK. 

Two days later I had the same problem my account was hacked Auto Forward and Rules Back On. So, I could not understand how this was possible as I have changed password changed security question settings. So I did a test.

I decided to Change Password Again. I logged on with the new details on my mobile and on another computer (not at my home), and stayed logged in on my mobile and other computer (at other location). I signed out from my computer at home & resigned back in with the new login details. I then proceeded to change the password, sign out, and sign back in with a new password. I checked the Mobile and the other Computer at another location were still logged in and they were still logged in under the old password. So on my computer at home I used the Virgin Media feature "Sign Out From All Accounts".. This is when I stumbled across the huge security flaw; My mobile signed out, great I thought, but my Computer at the other location was still logged in, so this means that if a hacker has taken control of your account on a computer and stays logged in, they can read your emails online, change passwords, and setup Auto Forwarding until they decide to stop and log out. To top things off you cannot do anything about this and this is why I am continually getting hacked into regardless of changing my password and security questions. 

I wanted to share this as Virgin Technical Support told me that they cannot do anything and I find this unacceptable and feel that their security systems are not strong enough. Maybe others can do the same test and find out what is going on and to prove this flaw exists. Hopefully someone at Virgin Media Security Team... if they have one, can reply.

0 Kudos
Reply
KStone
  • 2
  • 0
  • 0
Joining in
1,470 Views
Message 2 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decide To Log

An Update as long as the hacker stays logged into My Profile Page and does not log out  they can change password at will. The Sign Out Works on Browser and Mobile but profile page does not sign out and this is where the hacker changes passwords and relogs back into your emails with new password.

0 Kudos
Reply
用心棒
  • 7.65K
  • 845
  • 2.55K
Very Insightful Person
Very Insightful Person
1,436 Views
Message 3 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decide To Log

Issue has been flagged to the forum team; be aware it can take them a few hours / days to respond.


I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
Have I helped? Click helpful.jpeg Mark as Helpful Answer and solved, or use thanks.jpeg Kudos to say thanks

0 Kudos
Reply
Corey_C
  • 5.31K
  • 259
  • 454
Moderator
Moderator
1,369 Views
Message 4 of 16
Flag for a moderator
Helpful Answer

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decid...

Thanks for your post and welcome to the Community Forums, KStone,

 

I have forwarded your post to our Internet Security team for further investigation. I will update this post once I get an update from them or may private message you if they need your details to replicate the issue.

 

Cheers,

Corey C

0 Kudos
Reply
ALF28
  • 1.44K
  • 25
  • 176
Knows their stuff
994 Views
Message 5 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decid...

I had this happen with a secondary email today, I logged out, but then a message stated that "another browser session was open" so could not log off properly.

I logged in and quit all sessions which seemed to cure the issue. The last login date by myself was December 2021.

Perhaps it was logged in previously and not logged out prior to closing a browser, and does not time out (similar to gmail).

I do not think it was hacked, no auto forward set up- I checked, but have changed my password and security question to be on the safe side.

I have also noticed that the system does appear to allow multiple login session at the same time, and have done that myself before using email client and web mail at the same time, or two different computers can have two sessions open at the same time viewing the same email.

Hope the email it is secure with this issue?, and it important to remember to log out when viewing the virgin media account/email or it may stay open posing some security risk if using a non -secure computer. 

Note- email will time out if left logged in after perhaps 10 minutes of inactivity, so if a browser is closed without logging out it should  still time out and not stay logged in for ever more as it seems to do?

I note this issue happens with most email providers, and sessions remain open if not logged out, yet in this particualr case although the session is open in another browser, I still have to log in, so perhaps a different browser may have been used as I use edge, chrome, avast browsers.

alf28

 

0 Kudos
Reply
ALF28
  • 1.44K
  • 25
  • 176
Knows their stuff
963 Views
Message 6 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decid...

UPDATE- LOGGING OUT ISSUE

I checked all my secondary emails, and found another 2 had the same issue, were already open on another browser so could not log out properly.

My other 4 secondary emails were ok and did log out, so only 3 were displaying this message on log out-

Logging off for all sites did not succeed. To complete the logoff process, we recommend that you close all of your browser windows.
Local Authority: oauth.virginmedia.com

 

Any reason for this issue?- not had the issue/message  before when logging out, unless virgin have just started using this above message.

Note- problems posting today- keeps losing the page when posting and then loses the text in the post, took several attempts to do these posts-keeps bomming out whem I click post.

alf28

0 Kudos
Reply
ALF28
  • 1.44K
  • 25
  • 176
Knows their stuff
914 Views
Message 7 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decid...

UPDATE-secondary emails logging out problem

The secondary emails that displayed the message that they could not be logged out, have today reverted to a normal log out.

I did not click quit all sessions on two that remained logged in, so unsure why the problem has self rectified.

(I tried to repeat the issue, to investigate why this was happening, but will change my passwords now and click quit all sessions)

This could mean a hacker was in my secondary emails and now logged out?, unless there is some other explanation???

I am sure I did not have any other browsers open and have never used email clients with the emails in question, so a mystery.

There has been no comment/answer from the community/forum regarding the message meaning- please respond.

Logging off for all sites did not succeed. To complete the logoff process, we recommend that you close all of your browser windows.
Local Authority: oauth.virginmedia.com

 

It would be much better security if virgin media added two factor authentication, most companies are doing that now, even mobile operators do that, virgin are still in the dark ages enabling easy access for hackers.

alf28

0 Kudos
Reply
用心棒
  • 7.65K
  • 845
  • 2.55K
Very Insightful Person
Very Insightful Person
887 Views
Message 8 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decid...


@Corey_C wrote:

I have forwarded your post to our Internet Security team for further investigation. I will update this post once I get an update from them or may private message you if they need your details to replicate the issue.


@ModTeam, is there any update for this issue?

Corey_C
  • 5.31K
  • 259
  • 454
Moderator
Moderator
873 Views
Message 9 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decid...

Hi ALF28,

In going through your posts, your issue and the OP's are not the same. Just to streamline things a bit, the OP was stating that the "Quit other sessions" function was not being applied to all other machines. [please advise if incorrect]

Your posts are indicating you are getting "Logging off for all sites did not succeed." messages on a few of your mailboxes when trying to end the sessions regularly. [Again please advise if I understood incorrectly]

@ 用心棒 I did not hear anything back from Internet Security regarding my last post on this matter. I'll get it chased up now.

Cheers,
Corey C
ALF28
  • 1.44K
  • 25
  • 176
Knows their stuff
856 Views
Message 10 of 16
Flag for a moderator

Re: Account Hacked And Cannot Sign Out Browser Sessions, Hacker Stays Logged In Unit Hacker Decid...

I can now log out without the message coming up the problem has resolved itself overnight.

I do have two laptops, and that may have caused the issue.

There is no evidence of hacking but still unsure why I got the message.

I had never had such a message before, but the quit all sessions option did seem to work for one email I tested.

The other email no longer has the message and I did not quit all sessions.

It only applied to some emails, not all as I have 8 in total.

The email had not been used since december 2021 and I always log out so the message regarding "other browsers open so can not log out" was unusual and have never seen that message before having used the emails for 20+ years.

These are spare emails I rarely used now,and there is no evidence of hacking.

As the fault has cleared, no need for further investigation but I will see if it appears again and update this post if needed.

I will change passwords on the emails involved.

I did a new post regarding the logging out message, so will  reply saying solved on another post.

The only unusal thing was one email had the contact address changed from my recorded address, but was changed to another address belonging to me, perhaps my records were incorrect or not updated as I use several contact emails which I need to rectify/check.

alf28

0 Kudos
Reply