Re: My O2 account was hacked! - Page 30

Anonymous · ‎30-09-2011

A couple of weeks ago I received an odd text from O2 informing me that I can upgrade my handset in September 2013. Now, I have a sim-only contract and haven't had a new handset from O2 in a number of years but I knew my contract was due to expire some time in late September so I checked my O2 account online. It seems that I now have a new tariff of £36 a month, which I knew nothing about and checking on down the page I spotted a completed order which turned out to be for an iPhone 4. Naturally I hadn't placed this. The Yodel tracking number revealed that it had been delivered to an address that wasn't mine the previous day.
I called O2 and discovered that my security question had been changed along with my home address and e-mail address. Someone had clearly managed to access my O2 account online and ordered himself a phone at my expense. Since the user name and password are known only to me, either O2's site security is extremely poor or someone inside O2 has accessed my information. Either way, I'm not impressed.
The customer service adviser was very helpful and promised that the fraud department would investigate and call me. However, eight days later I have heard no word from them and in the meantime I can do nothing about changing my contract while there is an issue with my account. I was planning to get a new phone, possibly the new iPhone when it comes out, but now I'm very concerned about O2's security. I've been with them for over ten years but I'm seriously considering whether I want to continue with them now.
The only piece of good news is that the phone was delivered one day and blacklisted the next.
Has anyone else had this happen? If so, how did O2 handle it?

Anonymous · ‎21-03-2013

Update on my situation: I'm now past what used to be the O2 billing date (18th of the month), and I haven't had a bill sent to me this month. So I can only assume either:

1) The fraudsters that created the fradulent account are now paying their own bill. Or,

2) O2 stepped up & sorted all the minor details out. Or,

3) O2 have passed my "non-payment" on to a debt collection agency, who haven't bothered to get in touch with me yet.

I've only ever had 1 communication from the O2 Complaints team (initial response stating they were crediting the account, nothing confirming the account is closed/settled, and O2 sent me a bill after this). The O2 Fraud team never contacted me.

If debt collectors do contact me, which I'm half expecting, then they'll have a job providing the relevant CCA paperwork & can whistle.

EDIT: The O2 web-portal still states that it cannot find a mobile phone number associated with my account. So I'm going to assume option 2 up top. Just a shame that O2 couldn't get it right first time I guess.

For now, I'm with Three - their overseas call centres have the usual language barrier, but they have UK centres too & so far, I cannot fault their staff. I also get unlimited data use with tethering far cheaper than O2 could manage at the moment, and soon I'll be on LTE.

Perskie, "The same problem is just as likely to occur whoever you are with though" - please avoid drawing conclusions without knowing the intricate details of how any/all fraudlent activity is caused. The PCMag article you link talks about a theoretical exploit in Virgin's website - theres no suggestion that fraud has happend on Virgin as a result of this theory.

I'm not sure how the fraudlent account was setup in my case (though I have my suspicions), and I've no clue about anyone else's case. So it's a little hard to say they're related. It's a very slippery slope to say that other Telecomms firms have the same holes in their processes, as O2 evidently did with my case.

I see this forum still infrequently gets new reports of 'hacking' and/or fraud, and I've seen a few practices on this forum that I don't really agree with (eg, marking threads as 'solved' when the 'solution' doesn't even answer the question asked). However, to their credit, I've also seen what appear to be O2 staff directing forum users to Private Messages - this is how issues should be dealt with, someone stepping up (but I'd still be wary that a user on this forum really does work for O2).

perksie · ‎21-03-2013

Threads are marked as solved by the original poster, nobody else can do that.

A quick Google search will show cases of fraud happening with all the mobile phone providers in the UK.

I'm surprised that your account hasn't been straightened out yet, why not ring CS and chase them up on this?

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎21-03-2013

The 'solution' issue wasn't the only practice I've seen here on the forum that didn't sit well with me.

You're right, a quick Google search will show cases of fraud happening with all mobile operators - however, the point I was making is that searching doesn't tell you that all the cases of fraud are linked in any way, so it's impossible to state the likelyhood of fraud occuring if you can't link cases - on any provider, including O2. This is why I pointed out that the PCMag article was a theory, with no evidence of anyone even testing that theory.

EDIT: A search will also bring back old news articles, where the underlying issues have been resolved, but you won't read that on the initial news article. There's little point trying to link something happening under one provider, when another provider has resolved the issue, or has an entirely different issue, for example.

To the best of my knowledge, my account has been straightened out. I didn't recieve a bill this month (when I was expecting them to erroneously send me one). I haven't paid O2 anything after my last legitimate bill. I consider that a fair outcome.

Also, given that I don't have an O2 phone, calls to O2 CS cost me money, to sort out O2's mistake. So all previous correspondence has been in writing.

I've been told (both on webchat and via Royal Mail) that the O2 Fraud team would contact me. They've not done so in over two months. Sad fact is, I find that laughable & not shocking in the slightest. The Complaints team haven't responded to one email sent to them, but I'm not bothered in the slightest about that, so long as they've done their job & settled the account properly.

That last part is the thing that will make me think twice before ever considering being an O2 customer again - after sales care.

Anonymous · ‎25-03-2013

update on my story o2 eventually overcharged me for insurances taken out on the stolen phones that were placed on my account but i got all the money refunded on my next bill.if i hadnt noticed and complained i doubt i would have got anything back.my bills are ok now but there are still mistakes with my address and contract length.never got any letter or any apology from o2 for hassle and cost to me but i guess im not suprised

Anonymous · ‎26-03-2013

I would have probably been in the same situation as you have. I recently spoke to the online chat people and the person on the other end started to ask if it was possible to have my login details, which got me real suspicious because if you was an advisor shouldn't you be able to see my details anyway and then he/she started to ask again if they have my login in details and I was like this person is definitely trying to do something fishy hahaha asking me the same question just in a different way...sorry mate aint gonna fall for that

Anonymous · ‎20-04-2013

Where to begin really! Wednesday lunchtime I received a phonecall from a manchester (0161) number claiming to be from 02 about changing my tariff/contract, simply put the phone down. Thursday afternoon/early evening lost all service to my phone, thought it was simply a signal issue despite doing the usual cleaning the micro sim etc etc. Checked my 02 account on Friday morning... apparently I had signed up for a new contract! Immediately rang 02 and discovered that a whole miriad of my details had been changed apparently via somebody ringing Carphone Warehouse claiming to be me, and that I'd lost my phone so could the sim be blocked (the sim I have in my phone) and could they send me a new one to an address in birmingham, and change the email address on the account. They supposedly passed this on the fraud team and lifted the ban on my sim... havent been able to receive phonecall though so had to ring them this morning to discover that somehow these fraudsters had managed to get my number forwarded on to another number while the were waiting for the new sim to be delivered. I've since received texts from Yodel confirming my deliveries to said address in Birmingham, and had texts from Carphone Warehouse asking me how I'd rate my experience with their sales team! Unbelievable!

Firstly I am furious! I am extremely diligent when it comes to security after having it drilled into me by various family members, and I just cannot understand how someone has been able to do this! Even after I had rung 02 initially on Friday morning, had all my passwords changed etc someone was then able to get into my account and change the security question again! I mean how is that even possible?

Liquid · ‎20-04-2013

That's disturbing:(

Your question wasnt one like where where you born?

To be honest I have been given my password previously by a CS rep. That was certainly a worrying call.

Nothing sucks more than that moment during an argument when you realize you’re wrong. So Ive been told

jonsie · ‎20-04-2013

...and so the saga continues. When will o2 get a grip on this? They say they have taken steps to stop these fraudulent transactions but it still seems far too easy to by-pass security.

Click Here For Social Media Support Links VirginmediaO2THIS IS NOT CUSTOMER SERVICE AND WE CANNOT ACCESS ACCOUNTS

Anonymous · ‎20-04-2013

@jonsie wrote:
...and so the saga continues. When will o2 get a grip on this? They say they have taken steps to stop these fraudulent transactions but it still seems far too easy to by-pass security.

Not until the people who have had their accounts compromised lodge official complaints with the Information Commissioner's Office :

http://ico.org.uk/complaints/handling

MI5 · ‎20-04-2013

It appears that CPW need to review their procedures also......

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.

Currently using:
Pixel 7a (O2 & Lyca), One Plus 6 (Sfr), iPhone 12 Pro Max (Vodafone)