18-12-2021 12:22 - edited 18-12-2021 12:34
I have found a flaw in Virgin's Security System Account. Unfortunately, Virgin cannot help, so I wanted everyone to know because, if true, I believe they need to upgrade their systems. Furthermore, if true, this puts every customer at risk.
Problem: My Virgin account was hacked, so I logged into my account and removed the Auto Forward & Rules set up by the hacker. I then changed the security questions and changed the password. I also Quit All Sessions. I signed back in with the new password and thought all was OK.
Two days later I had the same problem: my account was hacked, with Auto Forward and Rules back on. I could not understand how this was possible, as I had changed the password and changed the security question settings. So I did a test.
I decided to change the password again. I logged on with the new details on my mobile and on another computer (not at my home), and stayed logged in on my mobile and the other computer (at the other location). I signed out from my computer at home and signed back in with the new login details. I then proceeded to change the password, sign out, and sign back in with a new password. I checked the mobile and the other computer at the other location, and they were still logged in under the old password. So on my computer at home I used the Virgin Media feature "Sign Out From All Accounts". This is when I stumbled across the huge security flaw: my mobile signed out, great I thought, but my computer at the other location was still logged in. This means that if a hacker has taken control of your account on a computer and stays logged in, they can read your emails online, change passwords, and set up Auto Forwarding until they decide to stop and log out. To top things off, you cannot do anything about this, and this is why I am continually getting hacked into regardless of changing my password and security questions.
I wanted to share this as Virgin Technical Support told me that they cannot do anything and I find this unacceptable and feel that their security systems are not strong enough. Maybe others can do the same test and find out what is going on and to prove this flaw exists. Hopefully someone at Virgin Media Security Team... if they have one, can reply.
on 19-12-2021 12:44
Thanks for your post and welcome to the Community Forums, KStone,
I have forwarded your post to our Internet Security team for further investigation. I will update this post once I get an update from them or may private message you if they need your details to replicate the issue.
Cheers,
Corey C
18-12-2021 13:10 - edited 18-12-2021 13:13
An update: as long as the hacker stays logged into My Profile page and does not log out, they can change the password at will. The Sign Out works on browser and mobile, but the profile page does not sign out, and this is where the hacker changes passwords and logs back into your emails with the new password.
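The behaviour the poster expected from a password change or "Sign Out From All Accounts", as an added example that is not part of the original posts and is not Virgin Media's code. The `SessionRegistry` class, the service names and the sample accounts are hypothetical; the point is that every service checks one shared per-account epoch, so no session type can be missed.

```python
import secrets


class SessionRegistry:
    """Hypothetical session store shared by webmail, mobile and profile page."""

    def __init__(self):
        self._epoch = {}     # account -> current session epoch
        self._sessions = {}  # token -> (account, service, epoch when issued)

    def login(self, account, service):
        token = secrets.token_urlsafe(32)
        epoch = self._epoch.setdefault(account, 0)
        self._sessions[token] = (account, service, epoch)
        return token

    def is_valid(self, token):
        entry = self._sessions.get(token)
        if entry is None:
            return False
        account, _service, issued_epoch = entry
        # Honour a session only if it was issued in the account's current epoch.
        return issued_epoch == self._epoch[account]

    def revoke_all(self, account):
        # Bumping the epoch invalidates every older token for this account,
        # whichever service issued it; nothing is enumerated per service.
        self._epoch[account] = self._epoch.get(account, 0) + 1

    def change_password(self, account, service):
        # A password change revokes everything, then issues one fresh
        # session to the device that made the change.
        self.revoke_all(account)
        return self.login(account, service)


def demo():
    reg = SessionRegistry()
    user = "user@example.test"          # constructed sample account
    home = reg.login(user, "webmail")
    mobile = reg.login(user, "mobile")
    remote = reg.login(user, "profile")  # session left open elsewhere
    other = reg.login("other@example.test", "webmail")
    new_home = reg.change_password(user, "webmail")
    tokens = {"home_old": home, "mobile": mobile, "remote_profile": remote,
              "home_new": new_home, "other_account": other}
    return {name: reg.is_valid(tok) for name, tok in tokens.items()}
```
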
on 18-12-2021 20:28
Issue has been flagged to the forum team; be aware it can take them a few hours / days to respond.
―
I'm a Very Insightful Person, I'm here to share knowledge, I don't work for Virgin Media. Learn more
09-03-2022 09:30 - edited 09-03-2022 10:00
I had this happen with a secondary email today. I logged out, but then a message stated that "another browser session was open", so I could not log off properly.
I logged in and quit all sessions which seemed to cure the issue. The last login date by myself was December 2021.
Perhaps it was logged in previously and not logged out prior to closing a browser, and does not time out (similar to Gmail).
I do not think it was hacked, as no auto forward was set up (I checked), but I have changed my password and security question to be on the safe side.
I have also noticed that the system does appear to allow multiple login sessions at the same time, and I have done that myself before, using an email client and web mail at the same time, or two different computers can have two sessions open at the same time viewing the same email.
Hope the email is secure with this issue? It is important to remember to log out when viewing the Virgin Media account/email, or it may stay open, posing some security risk if using a non-secure computer.
Note- email will time out if left logged in after perhaps 10 minutes of inactivity, so if a browser is closed without logging out it should still time out and not stay logged in for ever more as it seems to do?
I note this issue happens with most email providers, and sessions remain open if not logged out, yet in this particular case, although the session is open in another browser, I still have to log in, so perhaps a different browser may have been used, as I use Edge, Chrome and Avast browsers.
alf28
09-03-2022 10:59 - edited 09-03-2022 11:12
UPDATE- LOGGING OUT ISSUE
I checked all my secondary emails and found another 2 had the same issue: they were already open on another browser, so could not log out properly.
My other 4 secondary emails were OK and did log out, so only 3 were displaying this message on log out:
Logging off for all sites did not succeed. To complete the logoff process, we recommend that you close all of your browser windows.
Local Authority: oauth.virginmedia.com
Any reason for this issue? I have not had the issue/message before when logging out, unless Virgin have just started using the above message.
Note: problems posting today. It keeps losing the page when posting and then loses the text in the post. It took several attempts to do these posts, as it keeps bombing out when I click post.
alf28
10-03-2022 10:33 - edited 10-03-2022 10:47
UPDATE - SECONDARY EMAILS LOGGING OUT PROBLEM
The secondary emails that displayed the message that they could not be logged out, have today reverted to a normal log out.
I did not click quit all sessions on two that remained logged in, so unsure why the problem has self rectified.
(I tried to repeat the issue, to investigate why this was happening, but will change my passwords now and click quit all sessions)
This could mean a hacker was in my secondary emails and has now logged out, unless there is some other explanation?
I am sure I did not have any other browsers open and have never used email clients with the emails in question, so a mystery.
There has been no comment/answer from the community/forum regarding the meaning of the message. Please respond.
Logging off for all sites did not succeed. To complete the logoff process, we recommend that you close all of your browser windows.
Local Authority: oauth.virginmedia.com
It would be much better security if Virgin Media added two-factor authentication. Most companies are doing that now, even mobile operators do that. Virgin are still in the dark ages, enabling easy access for hackers.
alf28
10-03-2022 15:10 - edited 10-03-2022 15:20
I can now log out without the message coming up; the problem has resolved itself overnight.
I do have two laptops, and that may have caused the issue.
There is no evidence of hacking but still unsure why I got the message.
I had never had such a message before, but the quit all sessions option did seem to work for one email I tested.
The other email no longer has the message and I did not quit all sessions.
It only applied to some emails, not all as I have 8 in total.
The email had not been used since December 2021 and I always log out, so the message regarding "other browsers open so can not log out" was unusual, and I have never seen that message before, having used the emails for 20+ years.
These are spare emails I rarely use now, and there is no evidence of hacking.
As the fault has cleared, no need for further investigation but I will see if it appears again and update this post if needed.
I will change passwords on the emails involved.
I did a new post regarding the logging out message, so will reply saying solved on another post.
The only unusual thing was that one email had the contact address changed from my recorded address, but it was changed to another address belonging to me. Perhaps my records were incorrect or not updated, as I use several contact emails, which I need to rectify/check.
alf28