Cable giant Virgin Media appears to have confirmed that an unspecified numbers of its customers webmail accounts seem to have been hacked by "brute force or dictionary attacks" (i.e. an automatic script or Trojan will attempt lots of different combinations to find your password). The webmail accounts are then believed to have been hijacked in order to send out SPAM (junk email) to their contact lists.

Sadly such attacks are quite common, which is why everybody should always remember to use longer passwords that contain a random combination of numbers, letters and or special characters. Passwords like that are very difficult for Brute Force methods to identify, while passwords like "whiterabbit" or "kittensnuggler" would be fairly easy.


Interestingly Virgin Media already appears to require that passwords contain at least one digit and no dictionary words, although we're unsure whether or not they do any enforced checking of this. Some customers, whom also checked their computers for any viruses, report being hacked despite the use of an allegedly strong password.

It should also be said that email, especially webmail services, have a poor history when it comes to security. Spammers can easily spoof emails to make them appear to be from a legitimate address, when it fact the message would have originated from elsewhere. In some cases even the IP address and email headers could be faked to appear legitimate. This is one reason why SPAM is so difficult to stop.

A related article on PC Pro suggests that a similar wave of hacks has been experienced by users of the Gmail and Yahoo Mail service. In fairness such attacks occur all the time and it would be very difficult to discern whether or not there has been a recent peak in related problems because SPAM already accounts for 85-95% of all mails.

Meanwhile Virgin's Internet Security Team has called for any affected customers to log in to "My Virgin Media" on the website and update their email password and security question. Customers are also being advised to run a full virus scan on the computer they normally use to access their email.