If the hackers have accessed your email account they can use the 'forgot my password' link on the VFF login page (to get sent a 'reset password link' email and reset it that way assuming they know your old one?).Can you somehow reset a velocity password without logging in? Madz had a unique password, so how can this happen?
What?Of a few million accounts it's pretty tiny. VA certainly doesn't help themselves with lax security but I suspect the victims aren't totally innocent.
go back a few posts for my full story but I did click on a pdf in a work email. From that point my work email has been used to create a zillion accounts on a zillion websites. It's a problem where websites use an email as a username, but Velocity doesn't. The problem with Velocity, in my case, is that my email address was changed without me being notified. I don't know how my email address and velocity number were "matched". I managed to change it back before any damage but have since received two more hacking attempts where I did get the forget your password link. My work email, which is also my Velocity email, is listed on several public websites and I send to tonnes of clients etc each year, so it's not or doesn't have to be a phishing thing.If the hackers have accessed your email account they can use the 'forgot my password' link.
Maybe some people have followed a link in a phishing email/SMS/ad, and entered their VFF credentials there without realising it's fake.
Intrigued by this.I’ve had 700,000 points transferred out fraudulently on 31 July and 2 August. I noticed on Tuesday night and called Virgin immediately. It’s the same story as others, the hackers have changed my email, phone etc and booked flights to London, Shanghai, San Francisco, New York and more in names that I have never heard of. They have frozen my account and said they will launch an investigation that will take 30 days. The weird thing is that I updated my password for the first time in a few years in early July, to a unique password.
This is tens of thousands of dollars worth of points. They better be able to cancel those redemptions!
Just in case you haven't done so already, you've scanned for viruses/malware by now I take it? Clicking on a pdf link can do a lot more than expose your email address, if they've used it to install malware they potentially have access to everything on your machine.but I did click on a pdf in a work email
AFF Supporters can remove this and all advertisements
They probably have a scam setup selling half-price flights or something, take the cheap payment off unsuspecting victims, book using stolen Velocity points... Looks like Velocity don't have any restrictions on who you can book reward tickets for... and disappear.Maybe I'm missing something here, but of all the types of fraud you could choose to do, you'd think booking international flights with stolen FF points would surely be one of the dumbest
IT told me they couldn't have done that and that they're soon bringing in a system that allows access to company servers etc from only a company device. I did get into "trouble" for using work email for personal things, which I do because it's easier to deal with just one. Everything I've pretty much ever signed up to has been with my work email. Occasionally I'll sign up with a hotmail, gmail etc when exploiting 'sign up as a new customer' type offers.Oh that's horrible @Happy Dude
I wonder if they got your velocity number from an email in your account (if they got access to your work email account). Then if they were in there they could action then delete password reset links overnight before anyone realised?
Velocity should also send us an SMS when account details are changed (QFF do this)
We were hacked a few years ago so possibly not the best IT dept around. I haven't scanned but IT may have done that when I told them about it. I don't have any admin rights etc.Just in case you haven't done so already, you've scanned for viruses/malware by now I take it? Clicking on a pdf link can do a lot more than expose your email address, if they've used it to install malware they potentially have access to everything on your machine.
Ah sorry, I assumed you were on a work device when you mentioned work email. If you were on a personal device then, as advice from others above, that needs to be scanned.IT told me they couldn't have done that and that they're soon bringing in a system that allows access to company servers etc from only a company device.
No you assumed correctly. I was on a work device. I assumed that IT did scans or whatever was needed security-wise. IT assured me the hackers couldn't have accessed anything on my computer. Like you, I thought they could and had read my emails to get info such as Velocity #, but I'm told that wasn't possible.Ah sorry, I assumed you were on a work device when you mentioned work email. If you were on a personal device then, as advice from others above, that needs to be scanned.