SECURITY: Vodafone Online account hacked

kiza

Inactive User
Joined
Oct 25, 2008
Messages
65
Reaction score
3
Hello everybody. Would appreciate any input please.

Last Friday morning, after six months, I have accessed my Vodafone online account in order to print previous bills.
Late afternoon, about 5PM, I received two SMS messages from Vodafone, thanking me about the address change.
As I was surprised, I rung Customer Services. While I was speaking to them I logged in to Vodafone account and my address, email and contact phone number were changed. I was told that two Sony Z3 phones were ordered at the same time. They were told that account was hacked, so the orders were stopped, my details changed to normal and online account suspended.
They insisted that the breach was on my side but:
* Laptop was afterwards scanned with: Malwarebytes Anti-Malware, Avast - free Antivirus, Spybot - free edition, Norman_Malware_Cleaner and RogueKiller. Nothing was found
* Nobody has access to my laptop. It is on windows 7 with all updates
* Comodo Firewall on Laptop
* Wireless connection to Fritzbox 7490 VDSL router with WPA2 encryption. Router activity log shows nothing unusual.
Nobody (literally) knows any log in details for router or any online accounts.

How could it have happened and what can I do to prevent it in the future. It has never happened before. Do not do online banking, Facebook, Tweeter..etc.
Thanks!
 
Last edited:
It was either an employee stealing your details or there is a flaw in their security that has been exploited. I reckon that no online system is 100% secure and people somewhere always know a way of hacking, it just never gets publically released so hacks and exploits remain undetected. We just have to be vigilant and keep an eye on accounts. Have you ever been on the dark web? Install the tor browser and check out the hidden WiKi, it has links to all sorts of sites with people selling services like how to only pay half price for anything on amazon and accounts with refunds for 1000's of dollars on etc, these are the kind of exploits that hackers discover themselves and make a living from and so aren't exactly going to post tutorials online and go public.
 
It was either an employee stealing your details or there is a flaw in their security that has been exploited. I reckon that no online system is 100% secure and people somewhere always know a way of hacking, it just never gets publically released so hacks and exploits remain undetected. We just have to be vigilant and keep an eye on accounts. Have you ever been on the dark web? Install the tor browser and check out the hidden WiKi, it has links to all sorts of sites with people selling services like how to only pay half price for anything on amazon and accounts with refunds for 1000's of dollars on etc, these are the kind of exploits that hackers discover themselves and make a living from and so aren't exactly going to post tutorials online and go public.

What is unusual, is that the hack was done 6-7 hours after I have accessed online account, for the first time after 6 months. No other accounts E* b*ay or Pa*y Pa*l were hacked. I was sure that there was a keylogger, but scanning has found nothing.Could it be really something on their end, as there is nothing more I can do with my equipment. My router had Webinterface enabled, outside of LAN. But it was User Name and Password protected on Https link.
I have since disabled Webinterface and use only Ethernet connection.
The address was changed to address in South London. I am in West London.
 
Hi Kiza,
You are not alone. My Vodafone online account was hacked under almost identical circumstances around the same time 8th Oct 2014. I had accessed the Vodafone web page, entered my account and asked for an offer to renew a sim-only contract. I think I added some minor personal detail - not a change of address - as well, while I was there. I received two vague messages from Vodafone saying they would be in contact about my query within 48 hours (they didn't) followed by a message saying my address had been changed. I thought Vodafone were just mixed up, were not really interested in my business and ignored it initially.
About 2 weeks later, I was contacted by Vodafone Fraud. The e-mail looked a bit dodgy so I ignored it. Then I got an e-mail that was certainly from Vodafone and I contacted them. Since then Vodafone has continued to be vague. Once my account was back up, I found out online that my address had been changed to one in north London and a substantial bill run up.
I don't know how the thieves did it. It is still under investigation and Vodafone are still giving nothing away about how it happened. They say the thieves knew enough to get into my account. They are not saying the problem is at my end and have assured me in writing that I will get my money back. I am to them "a victim of fraud". I only visit the Vodafone site one or twice a year to print off invoices or upgrade/renew contracts. The computers are personal one-man business machines, not used for leisure, not used by anyone else, scanned all the time and OK. I do not access the account from mobiles or public computers. I live in a rural area, where hacking router signals is highly unlikely. No strange activity on my credit record. I use a well-known encoded password manager to log in, so the longish password is not typed in. The password is not written down.
I blamed myself at first - as one tends to do with any unpleasant event. Perhaps I had logged on to a spoof site, but if it was spoof, it was a very good one. According to web sources an inside job or a hack on the Vodafone system could not be ruled out.
After all sorts of duff information from various Vodafone contacts and a visit to a Vodafone shop 25 miles away with phone and passport, I am now assured that my money will be returned with 28 days of the claim for return, which was made on my behalf by Vodafone on 28th November.
 
Heres a clue

31st January 2015
doomdoom88
18:57 - Deleted Posts
18:56 - Deleted Posts
18:56 - Deleted Posts
18:55 - Deleted Posts
18:55 - Deleted Posts
18:54 - Deleted Posts
18:54 - Deleted Posts
 
Back
Top