Koodo Community

my account has been hacked

  • 19 November 2020
  • 13 replies
  • 375 views

I had an email saying that my email address has been changed to one that I do not know.  I can no longer login to my self serve account and I can't get a hold of anyone!!! This is ridiculous.....


13 replies

Userlevel 7
Badge +4

@Vhamma please call 1-844-232-7678 and our porting team will be able to help resolve this for you once you’re authenticated as the account owner.

How am I supposed to be authenticated as the owner when they have changed my security pin and address on my account?! Do you see how stupid that is... your security is garbage and your automated service is possibly the most useless thing I've tried to deal with.  It was almost impossible to actually talk to a person.  WORST SERVICE EVER

Userlevel 7
Badge +4

How am I supposed to be authenticated as the owner when they have changed my security pin and address on my account?! Do you see how stupid that is... your security is garbage and your automated service is possibly the most useless thing I've tried to deal with.  It was almost impossible to actually talk to a person.  WORST SERVICE EVER

Were you able to reach the Porting team?  Did they say you failed their authentication?  Did you tell them that someone hacked your account and changed your PIN and other info?

50 minutes on the phone and 3 transfers to different people in different departments and each one has to be explained the story.... apparently an upgrade was requested... shocker! So now because they don't better security in regards to changing an account email i get to waste my time on hold...

Userlevel 7
Badge +4

50 minutes on the phone and 3 transfers to different people in different departments and each one has to be explained the story.... apparently an upgrade was requested... shocker! So now because they don't better security in regards to changing an account email i get to waste my time on hold...

To be fair, the security on an account is a double edged sword.  When it doesnt work it is not inconvenient enough.  When it works, it may be too inconvenient.

Thinking about how hard it is right now, just shows the security that Koodo actually has.  And what the scammer actually had to answer in order to get access to your account.

I know it sucks.  But koodo is not to blame.  It is the criminal who is to blame for all this

Except  how do you change an email address to login into the account without a two step verification or an email that says you are ABOUT to change your email do you want to proceed.... that way I would have had a heads up that it was trying to be changed BEFORE I got locked out. Would've saved ton of time for myself and koodo... 

Instead,  I'm stuck wasting two hours just to get a call back from the security team... not even close to an efficient process! 

Userlevel 7
Badge +4

Except  how do you change an email address to login into the account without a two step verification or an email that says you are ABOUT to change your email do you want to proceed.... that way I would have had a heads up that it was trying to be changed BEFORE I got locked out. Would've saved ton of time for myself and koodo... 

Instead,  I'm stuck wasting two hours just to get a call back from the security team... not even close to an efficient process! 

Obviously these scammers had access to your personal info.  If they answered your PIN and all your personal question info correctly you cant blame a company for thinking it is legit.  Koodo here sent a notification via email that your email login was changed.  This is pretty standard practice and allowed you to catch this scam.  My utilties, my credit card, and even my bank login doesnt have 2FA for an email login change.  All they do is send you an email that your login/email info has changed.

 

You are also thinking about your own situation.  What if a legitimate customer was a Telus internet customer and used a Telus login and then switch to Shaw for their internet and lost access to their email?  What if their phone is lost or damaged?  These situation happen.  Companies cannot lock down these accounts that harshly.  There always need to be back up situations to get into the account.  The only secure thing would to force a customer to go to a koodo kiosk to prove their identity.  But again not every customer lives near a Koodo kiosk either.

There are many situations beyond your own to consider.

Not sure you understand how this happens... it's not by chance that they "guess" this info correctly.  They hack into your account and then CHANGE your info and then they know the answers.  I imagine your paid by Koodo to make them seem competent but even Facebook notifies be when someone had accessed my account from a different city from where I last did.... 

So it's NOT unrealistic to expect better security practices from Koodo. 

I still havent spoken to anyone from the fraud/security, no access to my account or have been assured my information is secure... 

Needless to say I will be switching to another company when all of this is over. The fact that to contact someone was such a process is enough for me.  I don't find value in a company that makes it a challenge to find a phone number for customer service.  

You've lost my business.... especially because of all the other people who have experienced the EXACT same issue and clearly Koodo hasn't learned how to handle it efficiently or adjust security. 

Userlevel 7
Badge +4

Not sure you understand how this happens... it's not by chance that they "guess" this info correctly.  They hack into your account and then CHANGE your info and then they know the answers.  I imagine your paid by Koodo to make them seem competent but even Facebook notifies be when someone had accessed my account from a different city from where I last did.... 

So it's NOT unrealistic to expect better security practices from Koodo. 

I still havent spoken to anyone from the fraud/security, no access to my account or have been assured my information is secure... 

Needless to say I will be switching to another company when all of this is over. The fact that to contact someone was such a process is enough for me.  I don't find value in a company that makes it a challenge to find a phone number for customer service.  

You've lost my business.... especially because of all the other people who have experienced the EXACT same issue and clearly Koodo hasn't learned how to handle it efficiently or adjust security. 

I agree the info was not guessed.  They didnt not hack into my account.  My self serve looks fine.

I am not an employee.  Nor does Koodo dictate what I say.  As you can see in my signature, the bottom 2 links I am very critical of Koodo.  In the last link I even compare Koodo to human traffickers…. So I, in no way, am hired by koodo to “make them seem competent”. 

I think comparing Koodo to Facebook is unfair.  Lets compare Apples to Apples.  Fido, Rogers, Telus, Bell, Virgin, Verizon, AT&T, does not have 2FA for email/login changes.  Should they?  Maybe.  Last year someone hacked my Dominoes Pizza account and and claimed my free pizza.  I literally saw the order being made and yet to be delivered to an address in Montreal.  I called the pizza location and they wouldnt stop or cancel the order.  Should they have 2FA?  Maybe.  But they are also not Facebook, or Google.  I dont disagree with you they their should have 2FA for login changes, but unfortunately that level of security along with login locations (which can be faked with a VPN) is not standard for most companies in the world.

There has not been any wide reports of mutlple Koodo accounts hacked with login emails changed.  In incidences where a one off happens, it is very likely that a scammer/hacker has gotten hold of your person info (either through another company with your personal info) or personal info leak purchased on the dark web.  If there were multiple reports then I would agree that Koodo’s systems have been compromised.  but currently there is no evidence or even indications of this.  

So woulda, coulda, shoulda.  But dont be surprised if something like this happens with any other carrier.

 

In the mean time, lets focus on getting control of your account instead of arguing.  What is the status after contacting the number suggested and your 3 transfers, etc?  I will try to help the best I can with my personal time as a Koodo customer.

 

 

Well had to find the fraud/security team number and leave a message because no one ever tried to call me... 

So I'm still locked out of my account so I've stopped any payments I was planning on making. 

Pretty upset about the lack of communication because my phone number is used for my business and if anything happens to my account it could cost my business quite a bit of money. 

 

@Vhamma please call 1-844-232-7678 and our porting team will be able to help resolve this for you once you’re authenticated as the account owner.

I have contacted this number as well as the fraud and security team 3 times with a way to contact me. I still havent heard from anyone.…

This is becoming quite frustrating.  I have stopped all payments until this is resolved. 

Not sure you understand how this happens... it's not by chance that they "guess" this info correctly.  They hack into your account and then CHANGE your info and then they know the answers.  I imagine your paid by Koodo to make them seem competent but even Facebook notifies be when someone had accessed my account from a different city from where I last did.... 

So it's NOT unrealistic to expect better security practices from Koodo. 

I still havent spoken to anyone from the fraud/security, no access to my account or have been assured my information is secure... 

Needless to say I will be switching to another company when all of this is over. The fact that to contact someone was such a process is enough for me.  I don't find value in a company that makes it a challenge to find a phone number for customer service.  

You've lost my business.... especially because of all the other people who have experienced the EXACT same issue and clearly Koodo hasn't learned how to handle it efficiently or adjust security. 

I agree the info was not guessed.  They didnt not hack into my account.  My self serve looks fine.

I am not an employee.  Nor does Koodo dictate what I say.  As you can see in my signature, the bottom 2 links I am very critical of Koodo.  In the last link I even compare Koodo to human traffickers…. So I, in no way, am hired by koodo to “make them seem competent”. 

I think comparing Koodo to Facebook is unfair.  Lets compare Apples to Apples.  Fido, Rogers, Telus, Bell, Virgin, Verizon, AT&T, does not have 2FA for email/login changes.  Should they?  Maybe.  Last year someone hacked my Dominoes Pizza account and and claimed my free pizza.  I literally saw the order being made and yet to be delivered to an address in Montreal.  I called the pizza location and they wouldnt stop or cancel the order.  Should they have 2FA?  Maybe.  But they are also not Facebook, or Google.  I dont disagree with you they their should have 2FA for login changes, but unfortunately that level of security along with login locations (which can be faked with a VPN) is not standard for most companies in the world.

There has not been any wide reports of mutlple Koodo accounts hacked with login emails changed.  In incidences where a one off happens, it is very likely that a scammer/hacker has gotten hold of your person info (either through another company with your personal info) or personal info leak purchased on the dark web.  If there were multiple reports then I would agree that Koodo’s systems have been compromised.  but currently there is no evidence or even indications of this.  

So woulda, coulda, shoulda.  But dont be surprised if something like this happens with any other carrier.

 

In the mean time, lets focus on getting control of your account instead of arguing.  What is the status after contacting the number suggested and your 3 transfers, etc?  I will try to help the best I can with my personal time as a Koodo customer.

 

 

STILL haven't heard anything from anyone... the koodo rep above hasn't responded back.

No call from security team

No follow up.

Nothing

Still have zero access to my account or any of my information... 

Phones affect credit scores and I'm looking to purchase a house this year. I'm not pleased.  

I will be contacting the CRTC as my next step since no one will even get back to me. 

Userlevel 7
Badge +4

I would follow up by contacting the porting team

Reply