cancel
Showing results for 
Search instead for 
Did you mean: 

My O2 account was hacked!

Anonymous
Not applicable
A couple of weeks ago I received an odd text from O2 informing me that I can upgrade my handset in September 2013. Now, I have a sim-only contract and haven't had a new handset from O2 in a number of years but I knew my contract was due to expire some time in late September so I checked my O2 account online. It seems that I now have a new tariff of £36 a month, which I knew nothing about and checking on down the page I spotted a completed order which turned out to be for an iPhone 4. Naturally I hadn't placed this. The Yodel tracking number revealed that it had been delivered to an address that wasn't mine the previous day.
I called O2 and discovered that my security question had been changed along with my home address and e-mail address. Someone had clearly managed to access my O2 account online and ordered himself a phone at my expense. Since the user name and password are known only to me, either O2's site security is extremely poor or someone inside O2 has accessed my information. Either way, I'm not impressed.
The customer service adviser was very helpful and promised that the fraud department would investigate and call me. However, eight days later I have heard no word from them and in the meantime I can do nothing about changing my contract while there is an issue with my account. I was planning to get a new phone, possibly the new iPhone when it comes out, but now I'm very concerned about O2's security. I've been with them for over ten years but I'm seriously considering whether I want to continue with them now.
The only piece of good news is that the phone was delivered one day and blacklisted the next.
Has anyone else had this happen? If so, how did O2 handle it?
Message 1 of 343
35,341 Views
342 REPLIES 342

jonsie
Level 94: Supreme
  • 95714 Posts
  • 612 Topics
  • 7137 Solutions
Registered:

Yes I got the same results for your nameSmiley LOLSmiley LOL

 

We are sorry but no results matched your search, please check the spelling or try one of the recommendations below.

Message 51 of 343
1,578 Views

perksie
Level 69: Guiding Light
  • 27019 Posts
  • 247 Topics
  • 1614 Solutions
Registered:

Simply having your name and address shouldn't beat security, that's daft! Smiley Frustrated

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1
Message 52 of 343
1,564 Views

Anonymous
Not applicable

<Simply having your name and address shouldn't beat security, that's daft>

 

But add in mothers madien name and other security details and its easy in some cases to 2nd guess additonal details.

 

Security is hard to get to the right level. To high and losts of people fail, causing complaints. To lax and can cause hacked accounts.

 

But as I said far too much personal info is avaiable on the internet (Ancestry.co.uk ). People want easy access to create a faimily tree, but fail to forget that to a fraudster these sites are goldmines for security information.

 

How often do you ring o2 ? So being able to remember what you set as your security. This then causes issues as many people simply fail security and then kick off, that they know who they are and as such the operator must know who they are.....

 

I wonder how many people simply expect to get through security with name and phone no..... As clearly they know who they are and their phone no, so clearly it has to be them....

 

So in cases like this, a simple text to the cm phone no with a pin code. Could solve the issue.

 

But at the end of the day many people move or change their details and fail to update companies. In these case how do you suggest companies work round this when some fails security?

Message 53 of 343
1,558 Views

ewanrw
Level 10: Inspirational
  • 342 Posts
  • 15 Topics
  • 9 Solutions
Registered:
To be fair, O2 aren't the only ones in same situation.

My Dad had forgotten his password for T-Mobile, but was still allowed access to his account by being persistent, and was then also allowed to change to a new password.

ewan
Message 54 of 343
1,544 Views

Anonymous
Not applicable

@ewanrw wrote:
To be fair, O2 aren't the only ones in same situation.

My Dad had forgotten his password for T-Mobile, but was still allowed access to his account by being persistent, and was then also allowed to change to a new password.

ewan

Is that really relevant ?...........just because one company has poor security procedures does that make it acceptable for every company to follow ?

Message 55 of 343
1,543 Views

Anonymous
Not applicable

@O2MACH2 wrote:


Is that really relevant ?...........


yes it is.

I'm grumpy cos I'm decorating, what's your excuse. wink

Message 56 of 343
1,530 Views

jonsie
Level 94: Supreme
  • 95714 Posts
  • 612 Topics
  • 7137 Solutions
Registered:

There are other ways that O2 implement security such as date and amount of last bill, most regularly called number, date, method and amount of last top up, what tariff you are on, bank details on account for direct debit, email address etc.

 

All these should be verified if a customer wants to order a phone shortly after the address is changed on the account. As suggested, a pin number sent to the mobile on the account to confirm an address change would be simple to implement.

Message 57 of 343
1,525 Views

Anonymous
Not applicable

@Anonymous wrote:
what's your excuse. wink


It's Friday.....my day for being antagonistic  Smiley Mad

 

 

Message 58 of 343
1,519 Views

ewanrw
Level 10: Inspirational
  • 342 Posts
  • 15 Topics
  • 9 Solutions
Registered:

@O2MACH2 wrote:

Is that really relevant ?...........just because one company has poor security procedures does that make it acceptable for every company to follow ?


It's entriely relevant as it highlights that O2 are not the only ones with the same issues. It's not a case of following.

 

The problem I suspect is down to 3rd party call centres, with high staff turnover, and where the responsibility for a mistake is easier to hide, but us, as consumers are probably partly to blame also; We complain when we can't access our own accounts because we can't remember our own security questions, and we complain when security is too tight.

 

And although it is not acceptible for accounts to be hacked, the number of people it happens to, is a tiny precentage of 70-odd million mobile customers in the UK, which would indicate that they are doing a fairly good job at getting their security levels correct.

 

Just my 2p worth.

 

ewan

Message 59 of 343
1,496 Views

Anonymous
Not applicable

@ewanrw wrote:
It's entriely relevant as it highlights that O2 are not the only ones with the same issues.

But we're only concerned with how O2 deal with security procedures.....that's why I said "is that really relevant".

 

But, if you're saying that it's the mobile phone industry's standard that anybody can phone up and change anybody else's personal details then that is a different matter.....but I don't think you are.

 

I couldn't care less what security procedures Vodafone, T-Mobile, Orange etc use because those don't affect me.

Message 60 of 343
1,491 Views