Posted: 23rd Nov, 2011 By: MarkJ
Cable giant Virgin Media appears to have confirmed that an unspecified numbers of its customers
webmail accounts seem to have been hacked by "
brute force or dictionary attacks" (i.e. an automatic script or Trojan will attempt lots of different combinations to find your password). The webmail accounts are then believed to have been hijacked in order to send out
SPAM (junk email) to their contact lists.
Sadly such attacks are quite common, which is why everybody should always remember to use longer passwords that contain a random combination of numbers, letters and or special characters. Passwords like that are very difficult for
Brute Force methods to identify, while passwords like "
whiterabbit" or "
kittensnuggler" would be fairly easy.
A VirginMedia Support Member said:
"There has been no breach of our mail servers, passwords are hacked and cracked by spammers using Brute force or Dictionary attacks on soft passwords, and that happens to all users on all internet providers and this seems to be the case here."
Interestingly Virgin Media already appears to require that passwords contain at least one digit and no dictionary words, although we're unsure whether or not they do any enforced checking of this. Some customers, whom also checked their computers for any viruses, report being hacked despite the use of an allegedly strong password.
It should also be said that email, especially webmail services, have a
poor history when it comes to security. Spammers can easily spoof emails to make them appear to be from a legitimate address, when it fact the message would have originated from elsewhere. In some cases even the IP address and email headers could be faked to appear legitimate. This is one reason why SPAM is so difficult to stop.
A related article on PC Pro suggests that a similar wave of hacks has been experienced by users of the
Gmail and
Yahoo Mail service. In fairness such attacks occur all the time and it would be very difficult to discern whether or not there has been a recent peak in related problems because SPAM already accounts for 85-95% of all mails.
Meanwhile Virgin's
Internet Security Team has called for any affected customers to log in to "
My Virgin Media" on the website and update their email password and security question. Customers are also being advised to run a full virus scan on the computer they normally use to access their email.