topic Re: Voicemail hacking. in Discussions & Feedback

Voicemail hacking.

perksie — Thu, 31 Oct 2013 14:30:49 GMT

I was watching the BBC News today and they have been listening to a tape in a court case describing how a private investigator was able to phone O2 with a false name but the correct password (no idea how he got that) in order to succesfully get the pin to someone's voicemail reset to the default, so they could then play back and listen to their messages.

It's a pity they were allowed to continue without having the account holder's correct name, but I gather the thief had a very good line of chat.

I agree this is a difficult area and how they obtained the account password is unknown.

It goes to show that we really cannot be too careful with how we store our passwords and who might be able to gain access to them.

I use a password manager to store all mine under a master password that only I know.

There are quite a few apps and programs out there that can take care of this and I use LastPass on my pc and Colornote on my phone which seem to do the job well enough.

Re: Voicemail hacking.

aldaweb — Thu, 31 Oct 2013 15:34:03 GMT

Given that account passwords for contracts are typically something like mother's maiden name then with a bit of investigation or social engineering they can be guessed.

That doesn't excuse O2 for allowing the PI to reset the PIN on the voicemail of course but similar to the hacking of Mat Honan's iTunes, Amazon, and Twitter accounts, if procedures aren't in place or followed correctly anyone is vulnerable.

I use Keepass personally across all my devices for password storage.

Re: Voicemail hacking.

Anonymous — Thu, 31 Oct 2013 16:12:03 GMT

You would hope that O2 would send out via text a random PIN to the phone number on the account to prove that the person ringing up actually had the phone & was the account holder.

I'd rather O2 introduce this practice accross the board for ANY dealing's with account enquires, change of address, upgrade's, voicemail pin reset etc.

Re: Voicemail hacking.

Anonymous — Fri, 01 Nov 2013 13:20:12 GMT

I agree with the above post 100% I also think O2 should be taken to court for allowing this to happen. The pain and suffering that was caused by this and similar hacks is unforgivable.

Re: Voicemail hacking.

perksie — Fri, 01 Nov 2013 12:44:11 GMT

Taken to court? For what exactly?

Sending out a pin is ok provided the phone it's being sent to hasn't been stolen and the request made by the thief!

Re: Voicemail hacking.

Anonymous — Fri, 01 Nov 2013 12:49:58 GMT

Lol Taken to court for allowing the voicemail in the first post to be hacked and no doubt many others. Also similar things like the hack that happened to me

Re: Voicemail hacking.

perksie — Fri, 01 Nov 2013 13:46:46 GMT

Not going to happen as they have done nothing wrong, you don't nick the shopkeeper when his shop is broken into.

Re: Voicemail hacking.

Anonymous — Fri, 01 Nov 2013 14:33:01 GMT

I agree a shop keeper isn't at fault when broken into, unless his security wasn't sufficient. For instance if he forgot to lock the shop on the way home his insurance company wouldn't pay out.

Any organisation holding our personal data has a huge responsibility to protect it as set out by the Data Protection Act 1998 more information on this can be found at http://www.legislation.gov.uk/ukpga/1998/29/contents.

Many organisations have fallen foul of this act at one time or another, more on this at http://www.ico.org.uk/ the protection of our personal data is extremely important and company's not complying with this should be brought to account more often in my opinion.

Re: Voicemail hacking.

perksie — Fri, 01 Nov 2013 15:01:53 GMT

@Anonymous wrote:
the protection of our personal data is extremely important and company's not complying with this should be brought to account more often in my opinion.

If you think the security isn't up to the job, then make a complaint to the ICO and let us know what they have to say on the matter.

The number of security breaches reported here are tiny and no worse than any other major UK company, when you consider they hold the account details for 23 million customers, so it would appear they have it fairly well organised.

Re: Voicemail hacking.

MI5 — Fri, 01 Nov 2013 15:07:42 GMT

Obviously we here about it here when it goes wrong but we don't get all that many reports and they have diminished somewhat lately..... I do wonder how many attempted attacks CS defend each day though...?

Re: Voicemail hacking.

perksie — Fri, 01 Nov 2013 15:12:43 GMT

@MI5 wrote:
I do wonder how many attempted attacks CS defend each day though...?

It's a shame we will never know I bet it's more than we might guess.

Re: Voicemail hacking.

MI5 — Fri, 01 Nov 2013 15:32:24 GMT

Considering the number of emails I receive each day trying to con me out of info regarding bank accounts, Paypal and the like, I would assume many hundreds of fraudsters attempt to contact O2 daily.......

Re: Voicemail hacking.

perksie — Fri, 01 Nov 2013 15:48:02 GMT

Yes it has to be around that sort of figure.

Re: Voicemail hacking.

Anonymous — Fri, 01 Nov 2013 16:11:40 GMT

I agree in principle with both of you, but I have to say its a very painful and troubling issue when you've been subject to one of these O2 related hacks through no fault of your own.

Maybe the biggest problem is the way they deal with it afterwards, the apparent lack of transparency with the customer. The lack of willingness to offer what I would call reasonable compensation. If a member of my staff had exposed a clients private data in the way mine was exposed (for the time being something I can't reveal pending further investigations and a subject access request) we'd have been fined a fortune for the human mistake made in this instance.

My issue and complaint had a financial cost as well as the pain and worry it caused, the type of hacking this tread was 'I think referring to' was much more serious in that it involved access to someones voicemail and mislead a family in grief and unbelievable pain.

Re: Voicemail hacking.

Anonymous — Fri, 01 Nov 2013 16:20:55 GMT

@MI5 wrote:
I would assume many hundreds of fraudsters attempt to contact O2 daily.......

With the amount of posts on here moaning from genuine customers about long wait's to get O2 customer services to answer the phone I doubt many fraudsters will bother to hang on waiting