My O2 account was hacked! - Page 6

Anonymous · ‎30-09-2011

A couple of weeks ago I received an odd text from O2 informing me that I can upgrade my handset in September 2013. Now, I have a sim-only contract and haven't had a new handset from O2 in a number of years but I knew my contract was due to expire some time in late September so I checked my O2 account online. It seems that I now have a new tariff of £36 a month, which I knew nothing about and checking on down the page I spotted a completed order which turned out to be for an iPhone 4. Naturally I hadn't placed this. The Yodel tracking number revealed that it had been delivered to an address that wasn't mine the previous day.
I called O2 and discovered that my security question had been changed along with my home address and e-mail address. Someone had clearly managed to access my O2 account online and ordered himself a phone at my expense. Since the user name and password are known only to me, either O2's site security is extremely poor or someone inside O2 has accessed my information. Either way, I'm not impressed.
The customer service adviser was very helpful and promised that the fraud department would investigate and call me. However, eight days later I have heard no word from them and in the meantime I can do nothing about changing my contract while there is an issue with my account. I was planning to get a new phone, possibly the new iPhone when it comes out, but now I'm very concerned about O2's security. I've been with them for over ten years but I'm seriously considering whether I want to continue with them now.
The only piece of good news is that the phone was delivered one day and blacklisted the next.
Has anyone else had this happen? If so, how did O2 handle it?

jonsie · ‎17-05-2012

Yes I got the same results for your name

We are sorry but no results matched your search, please check the spelling or try one of the recommendations below.

Click Here For Social Media Support Links VirginmediaO2THIS IS NOT CUSTOMER SERVICE AND WE CANNOT ACCESS ACCOUNTS

perksie · ‎18-05-2012

Simply having your name and address shouldn't beat security, that's daft!

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎18-05-2012

But add in mothers madien name and other security details and its easy in some cases to 2nd guess additonal details.

Security is hard to get to the right level. To high and losts of people fail, causing complaints. To lax and can cause hacked accounts.

But as I said far too much personal info is avaiable on the internet (Ancestry.co.uk ). People want easy access to create a faimily tree, but fail to forget that to a fraudster these sites are goldmines for security information.

How often do you ring o2 ? So being able to remember what you set as your security. This then causes issues as many people simply fail security and then kick off, that they know who they are and as such the operator must know who they are.....

I wonder how many people simply expect to get through security with name and phone no..... As clearly they know who they are and their phone no, so clearly it has to be them....

So in cases like this, a simple text to the cm phone no with a pin code. Could solve the issue.

But at the end of the day many people move or change their details and fail to update companies. In these case how do you suggest companies work round this when some fails security?

ewanrw · ‎18-05-2012

To be fair, O2 aren't the only ones in same situation.

My Dad had forgotten his password for T-Mobile, but was still allowed access to his account by being persistent, and was then also allowed to change to a new password.

ewan

Anonymous · ‎18-05-2012

@ewanrw wrote:
To be fair, O2 aren't the only ones in same situation.

My Dad had forgotten his password for T-Mobile, but was still allowed access to his account by being persistent, and was then also allowed to change to a new password.

ewan

Is that really relevant ?...........just because one company has poor security procedures does that make it acceptable for every company to follow ?

Anonymous · ‎18-05-2012

@O2MACH2 wrote:

Is that really relevant ?...........

yes it is.

I'm grumpy cos I'm decorating, what's your excuse.

jonsie · ‎18-05-2012

There are other ways that O2 implement security such as date and amount of last bill, most regularly called number, date, method and amount of last top up, what tariff you are on, bank details on account for direct debit, email address etc.

All these should be verified if a customer wants to order a phone shortly after the address is changed on the account. As suggested, a pin number sent to the mobile on the account to confirm an address change would be simple to implement.

Click Here For Social Media Support Links VirginmediaO2THIS IS NOT CUSTOMER SERVICE AND WE CANNOT ACCESS ACCOUNTS

Anonymous · ‎18-05-2012

@Anonymous wrote:

what's your excuse.

It's Friday.....my day for being antagonistic

ewanrw · ‎18-05-2012

@O2MACH2 wrote:
Is that really relevant ?...........just because one company has poor security procedures does that make it acceptable for every company to follow ?

It's entriely relevant as it highlights that O2 are not the only ones with the same issues. It's not a case of following.

The problem I suspect is down to 3rd party call centres, with high staff turnover, and where the responsibility for a mistake is easier to hide, but us, as consumers are probably partly to blame also; We complain when we can't access our own accounts because we can't remember our own security questions, and we complain when security is too tight.

And although it is not acceptible for accounts to be hacked, the number of people it happens to, is a tiny precentage of 70-odd million mobile customers in the UK, which would indicate that they are doing a fairly good job at getting their security levels correct.

Just my 2p worth.

ewan

Anonymous · ‎18-05-2012

@ewanrw wrote:

It's entriely relevant as it highlights that O2 are not the only ones with the same issues.

But we're only concerned with how O2 deal with security procedures.....that's why I said "is that really relevant".

But, if you're saying that it's the mobile phone industry's standard that anybody can phone up and change anybody else's personal details then that is a different matter.....but I don't think you are.

I couldn't care less what security procedures Vodafone, T-Mobile, Orange etc use because those don't affect me.