Voicemail hacking.

perksie · ‎31-10-2013

I was watching the BBC News today and they have been listening to a tape in a court case describing how a private investigator was able to phone O2 with a false name but the correct password (no idea how he got that) in order to succesfully get the pin to someone's voicemail reset to the default, so they could then play back and listen to their messages.

It's a pity they were allowed to continue without having the account holder's correct name, but I gather the thief had a very good line of chat.

I agree this is a difficult area and how they obtained the account password is unknown.

It goes to show that we really cannot be too careful with how we store our passwords and who might be able to gain access to them.

I use a password manager to store all mine under a master password that only I know.

There are quite a few apps and programs out there that can take care of this and I use LastPass on my pc and Colornote on my phone which seem to do the job well enough.

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

aldaweb · ‎31-10-2013

Given that account passwords for contracts are typically something like mother's maiden name then with a bit of investigation or social engineering they can be guessed.

That doesn't excuse O2 for allowing the PI to reset the PIN on the voicemail of course but similar to the hacking of Mat Honan's iTunes, Amazon, and Twitter accounts, if procedures aren't in place or followed correctly anyone is vulnerable.

I use Keepass personally across all my devices for password storage.

iPhone 14 Pro (O2 ), S23U (EE), iPad Pro LTE (EE), .

Reviews: iPhone-X-first-impressions ¦ Blackberry Classic ¦ Blackberry Z30 ¦ Nokia Lumia 1020 ¦ Samsung S4 Mini Part 1 ¦ Samsung S4 Mini Pt. 2

Anonymous · ‎31-10-2013

You would hope that O2 would send out via text a random PIN to the phone number on the account to prove that the person ringing up actually had the phone & was the account holder.

I'd rather O2 introduce this practice accross the board for ANY dealing's with account enquires, change of address, upgrade's, voicemail pin reset etc.

Anonymous · ‎01-11-2013

I agree with the above post 100% I also think O2 should be taken to court for allowing this to happen. The pain and suffering that was caused by this and similar hacks is unforgivable.

perksie · ‎01-11-2013

Taken to court? For what exactly?

Sending out a pin is ok provided the phone it's being sent to hasn't been stolen and the request made by the thief!

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎01-11-2013

Lol Taken to court for allowing the voicemail in the first post to be hacked and no doubt many others. Also similar things like the hack that happened to me

perksie · ‎01-11-2013

Not going to happen as they have done nothing wrong, you don't nick the shopkeeper when his shop is broken into.

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

Anonymous · ‎01-11-2013

I agree a shop keeper isn't at fault when broken into, unless his security wasn't sufficient. For instance if he forgot to lock the shop on the way home his insurance company wouldn't pay out.

Any organisation holding our personal data has a huge responsibility to protect it as set out by the Data Protection Act 1998 more information on this can be found at http://www.legislation.gov.uk/ukpga/1998/29/contents.

Many organisations have fallen foul of this act at one time or another, more on this at http://www.ico.org.uk/ the protection of our personal data is extremely important and company's not complying with this should be brought to account more often in my opinion.

perksie · ‎01-11-2013

@Anonymous wrote:
the protection of our personal data is extremely important and company's not complying with this should be brought to account more often in my opinion.

If you think the security isn't up to the job, then make a complaint to the ICO and let us know what they have to say on the matter.

The number of security breaches reported here are tiny and no worse than any other major UK company, when you consider they hold the account details for 23 million customers, so it would appear they have it fairly well organised.

To support Disasters Emergency Committee: http://www.dec.org.uk/appeals text Nepal to 70000 to send £5

Sky Unlimited Broadband - Windows 10 - Nexus 4 Android 5.1.1

MI5 · ‎01-11-2013

Obviously we here about it here when it goes wrong but we don't get all that many reports and they have diminished somewhat lately..... I do wonder how many attempted attacks CS defend each day though...?

I have no affiliation whatsoever with O2 or any subsidiary companies. Comments posted are entirely of my own opinion. This is not Customer Service so we are unable to help with account specific issues.
Please select the post that helped you best and mark as the solution. This helps other members in resolving their issues faster. Thank you.