cancel
Showing results for 
Search instead for 
Did you mean: 

My O2 account was hacked!

Anonymous
Not applicable
A couple of weeks ago I received an odd text from O2 informing me that I can upgrade my handset in September 2013. Now, I have a sim-only contract and haven't had a new handset from O2 in a number of years but I knew my contract was due to expire some time in late September so I checked my O2 account online. It seems that I now have a new tariff of £36 a month, which I knew nothing about and checking on down the page I spotted a completed order which turned out to be for an iPhone 4. Naturally I hadn't placed this. The Yodel tracking number revealed that it had been delivered to an address that wasn't mine the previous day.
I called O2 and discovered that my security question had been changed along with my home address and e-mail address. Someone had clearly managed to access my O2 account online and ordered himself a phone at my expense. Since the user name and password are known only to me, either O2's site security is extremely poor or someone inside O2 has accessed my information. Either way, I'm not impressed.
The customer service adviser was very helpful and promised that the fraud department would investigate and call me. However, eight days later I have heard no word from them and in the meantime I can do nothing about changing my contract while there is an issue with my account. I was planning to get a new phone, possibly the new iPhone when it comes out, but now I'm very concerned about O2's security. I've been with them for over ten years but I'm seriously considering whether I want to continue with them now.
The only piece of good news is that the phone was delivered one day and blacklisted the next.
Has anyone else had this happen? If so, how did O2 handle it?
Message 1 of 343
35,133 Views
342 REPLIES 342

perksie
Level 69: Guiding Light
  • 27019 Posts
  • 247 Topics
  • 1614 Solutions
Registered:
It's good to hear they're tightening up on security, it's a pity that it should be necessary.
It would be helpful to get an official response though, which would go some way to inspiring confidence.
To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 31 of 343
1,722 Views

Anonymous
Not applicable
I did read the whole thread and my response was based on the information given to me by the lady I spoke to in Executive Relations on behalf of Matthew Keys who advised that whilst a report had been put forward there were no plans for any changes.
What was your information based on?!
Message 32 of 343
1,722 Views

Anonymous
Not applicable
Well, things change.
Tighter security goes into force w/c 05/12.
Message 33 of 343
1,722 Views

perksie
Level 69: Guiding Light
  • 27019 Posts
  • 247 Topics
  • 1614 Solutions
Registered:
That seems a very long time!
To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 34 of 343
1,722 Views

Anonymous
Not applicable
...the 5th of December?
Message 35 of 343
1,722 Views

perksie
Level 69: Guiding Light
  • 27019 Posts
  • 247 Topics
  • 1614 Solutions
Registered:
Too used to reading American dates I think. grin
To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 36 of 343
1,722 Views

Anonymous
Not applicable
I think sjcrows' idea about a pin or callback system is a really really good idea, O2 should take note of this one.
If failed attempts are made to access your account several times they should either call you directly or send you a message with a pin to give when you call, and if you didn't request then pin then you should call in ASAP as it means someone else is attempting unauthorised access to your account.
The mobile network I work for doesn't allow delivery of phones to any address other than the billing address, for credit check and security reasons. It causes chaos for people who can't be at home to accept the delivery, but at least it guards against fraud.
Message 37 of 343
1,722 Views

Anonymous
Not applicable
Newbie here. I had my account hacked yesterday 15 May 2012. I have been with O2 for about a month on a Sim only monthly contract. I have read all the exchanges above with interest. I can say that (i) I am not on any social or other networking sites; (ii) my username and password are known only to me and are not written down anywhere. Not even my wife has any idea what they might be; (iii) any letters with personal details are destroyed; and (iv)my personal details are not available anywhere on the Web. I know because I check regularly. I do this because I am very careful indeed about my security and privacy. Nevertheless, and despite any alleged tightening of security procedures by O2, I have been successfully targeted. This does not bode well as I must now assume that my personal details are accessible to others and the only reason for this appears to have been extraordinary slackness or fraud on the part of someone at O2. On the plus side, in so far as there is one, 02 have been very helpful in cancelling the order for a Blackberry phone on a 24 month contract at £36 per month and restoring my account and I am told their fraud team will be in touch in the few days. I hope so. My swift researches show that Vodaphone customers have also been attacked in this way. Clearly security at some of these mobile phone firms is far laxer than it ought to be. I agree with others that the companies could do more to verify these transactions before implementing them. In my case the phone was to be delivered to an address in Dudley, West Midlands. I live in Bermondsey - why would I want a phone sent to Dudley and why did not O2 ask me?
Message 38 of 343
1,677 Views

Anonymous
Not applicable

@Anonymous wrote:
I agree with others that the companies could do more to verify these transactions before implementing them. In my case the phone was to be delivered to an address in Dudley, West Midlands. I live in Bermondsey - why would I want a phone sent to Dudley and why did not O2 ask me?

MUST DO MORE not could do more.....this type of theft re. mobile phones has been going on for too long and it does appear that O2 in this case as done little to improve their security checks.

Message 39 of 343
1,675 Views

Anonymous
Not applicable

You only need key logging malware  to get to the username and password to my O2. Once in there you can view all the details of the account including the security word.

 

I tried it on mine and successfully changed my security word and address without any confirmation notification being sent to my email or phone to let me know it had happened.

 

Not good as the owner of the account would have no way of knowing that things had been accessed or changed.

 

 

Message 40 of 343
1,668 Views