Whats rekon to this??

[beyond the blue]

I have just received this letter in this mornings post. It says that they have blocked access to "My Virgin Media" and "Virgin Media Mail" until I ring this number, but they haven't, everything is working as normal. I can still access my account and use media mail. Just wondered if anyone has had one of these letters before I ring the number.

 

[bindex]

Probable scam!
just do a search for the 08000529429 number. I may be paranoid but I'd rather be suspicious first and not scammed later

 

[Buck]

This suggests the number is genuine

http://community.virginmedia.com/t5...t-issue-with-VirginMedia-account/td-p/2862736

 

[Buck]

or ring their customer service number on 0345 454 2222 to check

 

[viv1969]

Some sites say legit, some say not so.....If you have no issues, I'd say not call.

 

[viv1969]

or ring their customer service number on 0345 454 2222 to check

 

[MartynK]

Ignore it, or call on their verified customer service number.

 

[beyond the blue]

or ring their customer service number on 0345 454 2222 to check

Just tried for 15 minutes to call them on this number, but can't get through to a human being.

 

[dejongj]

I received a phone call yesterday about my internet being blocked. I shouted a few profanities down the line. The funny part was that the number they called me on was only accessible through my internet connection

I think there is a big, as in scale, scam underway.

 

[rjbell]

just phone 150 they will have a record of it if its legit

 

[Mr Bump]

to be honest the first thing you should have done is.....

change your password...

 

[stevelmx5]

I just googled the 0800 number and got this;

http://community.virginmedia.com/t5...t-issue-with-VirginMedia-account/td-p/2862736

Which links to this;

https://community.virginmedia.com/t...rgin-Media-10th-July/m-p/2862681/thread-id/90

So I reckon its' genuine

 

[beyond the blue]

Just managed to get through to them and it turns out that it's genuine and my account was hacked 2 weeks ago and they are sorry for only just letting me know. Today's letter was dated 3rd August so it's took 4 days for that to arrive They advised me to change my password and they have no idea how I can still access my account as it was suspended 2 weeks ago.

 

[dejongj]

How do they know it was "hacked"?

 

[Mr Bump]

It always amazes me when these things come up and the work compromised, hacked and password comes up that people don't get it.

change your password ASAP.

someone gaining access to your email can open up there access to tons of you information and even go a ways to your bank details.


if in doubt allways change your password, make it random and very difficult to guess but easy for you to remember.

such as Z3brA1969! so zebra with the caps and the 3 replacing the e add a memorable number and always a punctuation mark.

 

[Mr Bump]

How do they know it was "hacked"?

activity on there logs will have it accessed from Russia or similar.

Hacked doesn't mean hacked it means someone has guessed or found out your password through other means.

do you use the same password on other sites?
If you do and that data was compromised they will try to login to your email with that password and bingo !

 

[stevelmx5]

Either that or they've been made aware of someone selling a batch of Virgin Media account details so are pre-empting the risk (and news story)

 

[dejongj]

It always amazes me when these things come up and the work compromised, hacked and password comes up that people don't get it.

change your password ASAP.

someone gaining access to your email can open up there access to tons of you information and even go a ways to your bank details.


if in doubt allways change your password, make it random and very difficult to guess but easy for you to remember.

such as Z3brA1969! so zebra with the caps and the 3 replacing the e add a memorable number and always a punctuation mark.

activity on there logs will have it accessed from Russia or similar.

Hacked doesn't mean hacked it means someone has guessed or found out your password through other means.

do you use the same password on other sites?
If you do and that data was compromised they will try to login to your email with that password and bingo !

Oh I know exactly what it is and isn't and likely more than most I was merely asking how they know and what the Helpdesk person knows about it. As a) obviously if true then they haven't taken appropriate actions, and b) if it truly was then how have they identified it.

You guessing with some generic high level stuff doesn't provide any insight at all.

 

[sphexx]

activity on there logs will have it accessed from Russia or similar.

Hacked doesn't mean hacked it means someone has guessed or found out your password through other means.

do you use the same password on other sites?
If you do and that data was compromised they will try to login to your email with that password and bingo !

You can't use punctuation marks in VM passwords nor any strong one really. They insist on alphanumeric, first must be alpha, and no more than 10 characters in all. I know because I have just re-signed with them and set a strong password using my password manager which appeared to be accepted because I was able to go on and sign up wth them. But later when I tried to log in found both email address and password were not recognised even though they were sending mail to that email address!!! I was able to recover my account by making a fresh account withe same email address but a new simple password -- by trial and error to find how simple it has to be. If the system was secure I should not have been able to do that.

 

[sphexx]

You can put your email address in:
https://haveibeenpwned.com
to see if your address is on one of the published/leaked lists of passwords.

 

[Mr Bump]

You can't use punctuation marks in VM passwords nor any strong one really. They insist on alphanumeric, first must be alpha, and no more than 10 characters in all. I know because I have just re-signed with them and set a strong password using my password manager which appeared to be accepted because I was able to go on and sign up wth them. But later when I tried to log in found both email address and password were not recognised even though they were sending mail to that email address!!! I was able to recover my account by making a fresh account withe same email address but a new simple password -- by trial and error to find how simple it has to be. If the system was secure I should not have been able to do that.

Its not so much about having ultra strong passwords its about not using the same one for other sites that exposes users to more risk for example.


you are on a forum called www.ilikebunnies.com
your login is bunny lover and your password is bunnies_galore45
now that is a fairly secure (ish) password

however www.ilikebunnies.com is looked after and manged by a school boy in Liverpool who hasn't applied a security patch in 8 months.

so a hacker from Russia slips in and steals the login ID, email and password database.

he then uses that information to try to log in to your email via a webmail portal ie www.yahoo.co.uk

he gets lucky your email password is also bunnies_galore45.

see where this is going?

@beyond the blue just for info chap have you ever or do you use the same password for your email on any other site?

 

[sphexx]

Its not so much about having ultra strong passwords its about not using the same one for other sites that exposes users to more risk for example.


you are on a forum called www.ilikebunnies.com
your login is bunny lover and your password is bunnies_galore45
now that is a fairly secure (ish) password

however www.ilikebunnies.com is looked after and manged by a school boy in Liverpool who hasn't applied a security patch in 8 months.

so a hacker from Russia slips in and steals the login ID, email and password database.

he then uses that information to try to log in to your email via a webmail portal ie www.yahoo.co.uk

he gets lucky your email password is also bunnies_galore45.

see where this is going?

@beyond the blue just for info chap have you ever or do you use the same password for your email on any other site?

You're right to point in this case we are discussing a site that has your payment details and should have a strong password.

I use a simple easlily typed and memorised password for sites like talkphotography where no important information is stored and use the same one for lots of other similar sites but different stronger ones for Amazon, Ebay etc.

 

[Mr Bump]

Ah but to a lot of folk the email account is low priority as they think it doesn't contain any payment/card stuff.

but the next step is in your email you have one from say ebuyer as you recentlybought a new hard disk.

so your hacker goes to www.ebuyer.com and clicks the I forgot my password link and that then emails the change password request to your email account.

which he has full control of

he then changes your ebuyer account password , logs in and orders a new 42 inch Samsung telly, adding another delivery address in Rotherham.

 

[ChasG]

It always amazes me when these things come up and the work compromised, hacked and password comes up that people don't get it.

change your password ASAP.

someone gaining access to your email can open up there access to tons of you information and even go a ways to your bank details.


if in doubt allways change your password, make it random and very difficult to guess but easy for you to remember.

such as Z3brA1969! so zebra with the caps and the 3 replacing the e add a memorable number and always a punctuation mark.

I have read recently, and CBA to look for source, that the recommendation above is incorrect. Evidently by brute force attack it is quite simple to 'guess' this type of password.
The articles suggest that a better method is to use 4 random words of 5 or 6 letters each as the potential combinations for 20+ letters would take a huge length of time to crack compared with the usual 8/9 letter/symbol combination. More importantly the 4 random words are easier to remember.

It was said that the system we are forced to use makes it more difficult for us recall and easier for the hackers to break than the other way round.

 

[beyond the blue]

@beyond the blue just for info chap have you ever or do you use the same password for your email on any other site?

I'm a bit like sphexx I use different passwords for where I buy stuff. However I have just done a search of my emails and I'm surprised at details I've given out. I have also given details out on this site in PMs, how secure that is I don't know.

 

[Llamaman]

 

[sphexx]

I lied a bit about how many simple passwords I use asI use the 1Password app to create and fill in login details so nearly all my passwords are 30 or more random symbols, punctuation, upper and lower case and numbers. If it is a password I have to enter frequently then I set 1Password to produce a shorter more memorable one.
The biggest snag is that some sites will accept a password that is longer than their rule and truncate it without telling you. The other common problem (PayPal for instance) is some won't allow you to paste on a password, which is often necessary when setting up an account or changing a password -- the silly thing is they say this is to stop computerised entry but in fact once the password is set they are happy to accept 1Password "typing" it in -- again PayPal for example.

 

[StewartR]

correcthorsebatterystaple - it's the only password you ever need.

 

[arclight]

I got that letter this morning and a text last night.
I phoned Virgin. It is genuine. Kind of sloppy in a way. Since I left Virgin in January and my account/ email should have shut down after 90 days, but it was not (I have been checking it). Virgin forum say that is common.

The letter does not say that Virgin were hacked, but that someone had got my password etc. Very possible - I use Password Box and it was hacked this year. Currently busy removing all my data from it and changing website passwords.