Happy Dude
Established Member
- Joined
- Oct 13, 2006
- Posts
- 2,758
Sometimes Velocity send out notifications. I received a "your Velocity account profile has been updated" when I changed something (I can't recall what I changed exactly as I'd changed a lot of account details at the time), and I received a "Velocity account update" when I changed my security question.Velocity don't employ 2FA in their log-in process, unlike Qantas who do. Logging in to Qantas is a pain that requires a code from your mobile as well as the user/password. Velocity doesn't do this, just the user/password is enough for Velocity and that's the prime vulnerability.
But it's actually worse than that, because not only do they not 2FA but they also don't send out notification e-mails to both the old and new e-mail addresses when a change to contact information is made, which would alert an account holder to something fishy going on that hadn't been initiated by them. This would at least alert the holder to take a look and maybe start asking questions. Instead, as was my case, the account holder is completely blind to what's happening and doesn't notice anything amiss at all for 2 months! More than enough time to clear out all points.
I changed a lot of my details following a hack using just my email. But I didn't receive any notification that my contacts details had changed. And they definitely send out "update your password" notifications, of which I received several when the hacker tried to get in for a second time, not knowing that I had changed the email back to mine.