Beware iBurst Users !

D

DagegeN

Expert Member
Joined
Jun 1, 2006
Messages
1,315
Reaction score
0
Location
Aston Manor, Kempton Park
Hi huys..

I would like to warn all you iburst users of possible account hi-jacking.

after using my password for my account and email for over 2 months, i tried to log on this morning to check email via the web interface " Unknown user or incorrect username" error came up.

i phoned them, and the techy " not the cleanest tool in the shed " told me oh you changed your password this morning ... :eek:

i vloeked him and then he gave a major brainstrom idea " should have kept his mouth shutt" telling me that i might have forgotten my password or i am cunfuzed in what password to use .. that was followed with some more " un-educated slang words" untill i got my passport set to what i want it to be....

They have no way of identifying you over the phone !!! :eek: nothing what so ever ... so anyone can go and phone and say hallo i am Joe Black i need my password reset ... they dont ask for prev. password or account number nothing ...!! im not happy with this what so ever.
 
This is serious.

iBurst should attend to this problem ASAP, as this is open to abuse.

can anybody shed more light on this matter?
 
Last edited:
The problem has been made no easy since Iburst got rid of the ability to change your account details online*. You now have to call them and tell the techie your new password.
Let's be honest here I would not trust anyone with my password not even an Iburst employee, I totally disliked the idea of having to tell someone what it is over the phone, who knows what they can do with such sensitive info.

Passwords should be treated with the same respect as pin numbers and Iburst need to reinstate a secure password system that makes the password only changeable by an authenticated user and be stored on an encrypted database.

*You are able to obtain your current password by accessing the Iburst site and have it emailed to you, but you can't seem to change it.
 
Just a thought on this...can someone actually use your username and password with a different UT%? I thought it worked the same as the old Mnet decoders, where the machine serial number is linked to your account.

Please let me know if I was under the wrong impression.
 
Trixanno said:
Just a thought on this...can someone actually use your username and password with a different UT%? I thought it worked the same as the old Mnet decoders, where the machine serial number is linked to your account.

Please let me know if I was under the wrong impression.
Click to expand...

i am not sure give me your account details and let me try tonight :p hehehe j/k well i would not be surprized if it's not like that .....
 
I cannot log on using my details at my parents house. So yeah even though it is wrong for people to be able to change your password there is not much they can do with it.

Unless they can also change the registration details of the modem
 
I asked some questions on my account some time ago. It appears to work by logging the UT Id for all the devices your user name has been used to access the Internet on. Its logging the modem ID's that you have used. It did not appear to lock me to any one modem, and I never told Iburst my UT id number for the 2nd modem I owned.
Or perhaps if it finds that UT Id is already being used by some other user id, it wont let you use it with another user id
 
Last edited:
This has never happened to me, but Shaun and the other guy seem a bit lacking on the forums lately.

Maby they are busy, or only reply to issues they can fix...
 
A month ago I forgot my password since through the router I never had to re enter it, so I called helpdesk gave my logon name and he told me what my password was which goes to show that anyone at helpdesk has access to all our passwords.

At the time I was not worried as I also thought it would only work with my UTD, but now I am also a little concerned about hearing this.:eek:

I think Shaun Green should address this query and reply here as to whether this can be done or not.
 
It also shows that anyone who sees you loggin into your bandwidth monitor could see your username and phone helpdesk to get your password right?
 
Ekhaatvensters said:
It also shows that anyone who sees you loggin into your bandwidth monitor could see your username and phone helpdesk to get your password right?
Click to expand...

Ok I might be a little slow here, but which BW monitor are you refering to, is it the BW monitor at wbs or somewhere else, as I do not login to any BW monitors?:confused:
 
andytl5 said:
... Iburst need to reinstate a secure password system that makes the password only changeable by an authenticated user and be stored on an encrypted database....
Click to expand...
Agreed, but this has never been the case AFAIK.

rpm, here is another good story for Monday.
 
MrH said:
A month ago I forgot my password since through the router I never had to re enter it, so I called helpdesk gave my logon name and he told me what my password was which goes to show that anyone at helpdesk has access to all our passwords.

At the time I was not worried as I also thought it would only work with my UTD, but now I am also a little concerned about hearing this.:eek:

I think Shaun Green should address this query and reply here as to whether this can be done or not.
Click to expand...

little concerned? Hell, I'm crappin my pants right now!!

If i get home and can't access my internet I'm gonna kill someone! I'll start with all the iburst employees and work my way up! THEY BETTER FIX THIS SECURITY PROBLEM.
 
Is there anyway we can bump this story to the MyADSL home page? I think its a pretty serious matter that requires iBurst's attention.
It can be justified with the importance of a user's online security, and the possible fact that some accounts have already been hijacked.
 
yeah guys .. im also worried .. but now .. lets say someone hi-jacks your account then uses all your bandwidth ... hmmmm ... i am not sure how it is currently to buy new data bundles ... but then they can just buy more data bundles on your account ??? :eek: now thats the scarry part ... or just plain reading your confidential emails ..... :stress ball:
 
You must log in or register to reply here.
Back
Top
Sign up to the MyBroadband newsletter
X