Thousands of customers ‘at risk’ following Virgin Media hack

Editor 25
Found 22nd Jun 2017

VIRGIN Media is advising more than 800,000 customers with a specific router to change their password immediately after an investigation found hackers could gain access to it.

Virgin Media said the risk to customers with a Super Hub 2 router was “small”, but advised them to change both their network and router passwords if they were still set as the default shown on the attached sticker.

The advice followed a Which? snapshot investigation which found that hackers could access to home networks and connected appliances in as little as four days.

Ethical security researchers SureCloud gained access to the Super Hub 2, although Virgin Media said the issue existed with other routers of the same age, not just their model.

A Virgin Media spokesman said: “The security of our network and of our customers is of paramount importance to us.

“We continually upgrade our systems and equipment to ensure that we meet all current industry standards.

“To the extent that technology allows this to be done, we regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”

The Which? study tested whether popular smart gadgets and appliances, including wireless cameras, a smart padlock and a children’s Bluetooth toy, could stand up to a possible hack.

Some of the devices proved harder than others to infiltrate, such as the Amazon Echo, but eight out of 15 appliances were found to have at least one security flaw.

The test found that the Fredi Megapix home CCTV camera system operated over the internet using a default administrator account without a password, and Which? found thousands of similar cameras available for anyone to watch the live feed over the internet.

The watchdog said that “worse still” a hacker could even pan and tilt the cameras to monitor activity in the house.

SureCloud hacked the CloudPets stuffed toy, which allows family and friends to send messages to a child via Bluetooth and made it play its own voice messages.

Which? said it contacted the manufacturers of eight affected products to alert them to flaws as part of the investigation, with the majority updating their software and security.

It did not receive a response from the manufacturers of either Fredi Megapix or CloudPets.

The consumer group said the industry needed to take the security of internet-enabled and smart products seriously by addressing the basics such as ensuring devices required a unique password before use, using two-factor authentication, and issuing regular security updates for software.

Alex Neill, Which? managing director of home products and services, said: “There is no denying the huge benefits that smart-home gadgets and devices bring to our daily lives.

“However, as our investigation clearly shows, consumers should be aware that some of these appliances are vulnerable and offer little or no security.

“There are a number of steps people can take to better protect their home, but hackers are growing increasingly more sophisticated.

“Manufacturers need to ensure that any smart product sold is secure by design.”




Community Updates
25 Comments
"we regularly support our customers through advice and updates and offer them the chance to upgrade to a Hub 3.0 which contains additional security provisions.”

Now that is pure bs, at my grandparents they had the SuperHub 1 for a very long time (6 years), and when I phoned them about an upgrade to one of the latest ones, they wanted a small fee. (Of course every ISP does this) Complained how bad it is for a bit and they send a replacement.

TL:Dr they do offer upgrades but for a fee not to increase customer safety.
charged me£20 for the hub 3
I've not been offered anything to do with updating my hub or anything to do with making it more secure. Luckily I'm not computer illiterate and know how to protect myself but them saying that is complete rubbish.
Why do Virgin customers not have any info, an email for starters? Is there a link to the info please?
Told me they were sending a hub 3 last december it never arrived.
den169

Told me they were sending a hub 3 last december it never arrived.



​Probably for the best...

Virgin Media’s Super Hub 3 allegedly has another flaw – and it’s a big one - TechRadar
techradar.com/new…one
den169

Told me they were sending a hub 3 last december it never arrived.




Same with me, and signed a new 12 months contract, still on hub 1 but only use as a modem anyway
You've got to be a bit stupid to still have default settings on any network device.

Can't see why someone would want to DoS a home connection though unless you're having a full on nerd off and annoy someone on Warcraft or other such nerdary.

The word hack is banded about far too much and 99% used incorrectly.
Towelie

...The word hack is banded about far too much and 99% used incorrectly.



Yup

One of the many corrections I have made over the years...

(Comment #12)
[ hotukdeals.com/mis…430 ]

Towelie

...Can't see why someone would want to DoS a home connection though … ...Can't see why someone would want to DoS a home connection though unless you're having a full on nerd off and annoy someone on Warcraft or other such nerdary...



Talking of which; some advice on selecting passwords:

(Comment #63)
[ hotukdeals.com/mis…818 ]
msmyth

...The advice followed a Which? snapshot investigation which found that … ...The advice followed a Which? snapshot investigation which found that hackers could gain access to home networks and connected appliances in as little as four days....



^ Presumably.
Towelie

...The word hack is banded about far too much and 99% used incorrectly.

Towelie

...Can't see why someone would want to DoS a home connection though … ...Can't see why someone would want to DoS a home connection though unless you're having a full on nerd off and annoy someone on Warcraft or other such nerdary...



The enforced password change is a bit of a joke and almost counter productive.

We have to change passwords every 90 days at my work so it just forces people to use incremental passwords just so they can remember them - pretty sure at least half of them are just Passwordxx.

I've been there for ages now so upto 57 X)
I have just done a search for this and Virgin have not realised any statements what so ever regarding the Superhub 2. What is your source for this article?
Virgin mobile is a big con if your on Virgin get rid of them company is not worth dealing with
uswitch.com/bro…aw/

just an update ive found

i think this thread can be closed?
Carwash124

Virgin mobile is a big con if your on Virgin get rid of them company is … Virgin mobile is a big con if your on Virgin get rid of them company is not worth dealing with



​mobile is a differemt entity to media
To be fair the default password is changeme which a simple google would reveal anyway. When even the password tells you to change the password and you choose not to you gotta expect trouble.
Can't even get Virgin Fibre. But they seem to install and bypass my house.
31268891-hpO4J.jpg
Liars Liars Liars!
For over a year i was paying for a 50mb connection and when i finally worked out how to test the speed i contacted customer care, i found out the hub i had was not capable of the speed i was paying for.
When i got in touch with complaint and informed them, i was told they were sending out the hubs for the speed i was paying, my reply was "and its taken you over a yr, and only now because i found out?"
Then guess what happened when i went to 100mb connection, yep same again, when you upgrade they dont tell you the hub you have may not be capable of the speed you pay for, nor do they offer to send one out!
I had to threaten them with leaving before they sent me a new hub.
They are the worst company to deal with, you only have to go to their facebook page to see the people who call and their customer service either don't anser, tell a lie that some one will get back to you and never do, or my favourite which they do now everytime you have a complaint, 'HANG UP'.
They hang up on you and then when you call back complaining again and mentioning being hung up on, they go and do it again!
You will NEVER get the speed you pay for, i can guarantee you that!
Edited by: "steve13579" 23rd Jun 2017
19 comments only, looks like they don't have many customers.
dusktilldawn

Can't even get Virgin Fibre. But they seem to install and bypass my … Can't even get Virgin Fibre. But they seem to install and bypass my house.



​ive PM'd you
Towelie

The enforced password change is a bit of a joke and almost counter … The enforced password change is a bit of a joke and almost counter productive. We have to change passwords every 90 days at my work so it just forces people to use incremental passwords just so they can remember them - pretty sure at least half of them are just Passwordxx. I've been there for ages now so upto 57 X)



snap... I'm on xxxxxxx089 now X)
m00head

Thousands of customers ‘at risk’ following Virgin Media hack - Fife Tod … Thousands of customers ‘at risk’ following Virgin Media hack - Fife Todayhttp://www.fifetoday.co.uk/news/thousands-of-customers-at-risk-following-virgin-media-hack-1-4483391Full Coverage - Google Newshttps://news.google.co.uk/news/more?hl=en&pz=1&ned=uk&ncl=dFULzKVmIndcitMuC1aHCBUsahzTM


Hi sorry, I meant from the source the papers were quoting. I finally found the link in a reply to a VM customer hidden in Visitor posts on Facebook. T
It's scrolling across the TV on ITV, I can tell you, we did change it, wish I had never read this thread, the network completely disappeared early evening, it was not there as an option to connect to after password change.They were obviously inundated last night so I could not get through.
Just spoken to them and of course, I got the raft of daft questions asking if I had a booster, an ethernet cable a smart device. Nope, I just changed the password as advised. In India where you end up, they have not heard this news.
the best engineer advice I had was when a VM engineer came round due to latency issues with internet and he said the problem was I had changed my router password, it needed to be kept as the default! I had an argument with him, feeding me this BS!
steve13579

Liars Liars Liars! You will NEVER get the speed you pay for, i can … Liars Liars Liars! You will NEVER get the speed you pay for, i can guarantee you that!



I can guarantee that you can't guarantee that. I get 200mb+ where I am, and it's been solid for well over a year now.
Post a comment
Avatar
@
    Text

    Top Discussions