Cox Email Hacked

[presley]

We have cox for internet. I have my main account, with a very long and complicated password which I don't use for emails and then several email accounts all with unique passwords under it. Because of a previous breach with my account at cox (6 years ago), I don't use my cox email for anything that has to do with money or anything else that I deem important.

I checked my google email last night and saw that I had an email from cox saying that I changed the pass on my other cox email and that the change occurred from the main account. I tried to log into both accounts and both had the passwords changed. I told my husband to check his personal and business emails that were under that main cox account and both of those were changed. He had just been on his email less than an hour earlier, so we caught it quickly.

I went on livechat and they changed all the passwords for me and offered to sell me McAfee for cox, but I had been texting with my cyber security daughter and she already had me running windows defender. So, the odd thing is that the change was made from my primary account, which I don't use for anything other than paying the bill. It's not a password that someone could get out of guessing and I think it would take months to get from brute force. I have my passwords on my computer in KeePass. At this point, it seems like Cox email was the only thing that was compromised.

My daughter had me call cox and ask them how someone got into my main account. They wouldn't tell me that, just that the change showed up from earlier when the livechat agent changed it for me and there were two email verifications sent earlier, both to an email address that I never heard of - which my daughter looked up and it belongs to a chiropractor in a different state. My daughter said that email was probably compromised, too. I asked cox if they could see where the person was located who made the changes and she said she couldn't tell me that and suggested that I set up 2 factor auth, which I already did before I called them. I asked specifically if the password changes came from in house and she said that if I set up 2 factor my account would be safer now. Sounds sketchy to me. I just don't see how someone could get control of the main account like that. I don't even know when the last time was that I logged into that account. It's basically just a placeholder for everything else that we do there.

 

[klpca]

We have cox for internet. I have my main account, with a very long and complicated password which I don't use for emails and then several email accounts all with unique passwords under it. Because of a previous breach with my account at cox (6 years ago), I don't use my cox email for anything that has to do with money or anything else that I deem important.

I checked my google email last night and saw that I had an email from cox saying that I changed the pass on my other cox email and that the change occurred from the main account. I tried to log into both accounts and both had the passwords changed. I told my husband to check his personal and business emails that were under that main cox account and both of those were changed. He had just been on his email less than an hour earlier, so we caught it quickly.

I went on livechat and they changed all the passwords for me and offered to sell me McAfee for cox, but I had been texting with my cyber security daughter and she already had me running windows defender. So, the odd thing is that the change was made from my primary account, which I don't use for anything other than paying the bill. It's not a password that someone could get out of guessing and I think it would take months to get from brute force. I have my passwords on my computer in KeePass. At this point, it seems like Cox email was the only thing that was compromised.

My daughter had me call cox and ask them how someone got into my main account. They wouldn't tell me that, just that the change showed up from earlier when the livechat agent changed it for me and there were two email verifications sent earlier, both to an email address that I never heard of - which my daughter looked up and it belongs to a chiropractor in a different state. My daughter said that email was probably compromised, too. I asked cox if they could see where the person was located who made the changes and she said she couldn't tell me that and suggested that I set up 2 factor auth, which I already did before I called them. I asked specifically if the password changes came from in house and she said that if I set up 2 factor my account would be safer now. Sounds sketchy to me. I just don't see how someone could get control of the main account like that. I don't even know when the last time was that I logged into that account. It's basically just a placeholder for everything else that we do there.

My primary email account (since 2004) is Yahoo so I feel your pain. I have also set up a gmail account but there are a ton of historical emails in my yahoo account (many timeshare related, lol) so I still use it. The only security issues that I have ever had were on their end. There was a large hack that occurred in 2013 - and it had nothing to do with any user passwords. I suspect that the reason that Cox isn't giving you any information is that they would have to tell on themselves. But it's fixed now and you have set up 2FA so you have done as much as you can do on your side. Now you have to hope that they are taking care of the actual problem - which is on their end, it sounds like.

 

[elaine]

I'll pass on this tip from a Tugger who got her airline FF account cleaned out with the same PW as her email by the hacker issuing gift certificates. I had MANY accounts with my email PW.
NEVER use your email PW as any other PW. thanks tugger!

 

[presley]

Oddly, it happened again the next day to a lesser degree. They changed the pass for the master account, but not any of the email accounts. I called and asked how that happened since I can't log in without getting a code sent to my phone. Nobody should be able to log in without a code sent to my phone. He just said it won't happen again. I asked him for location or the IP address of the person who changed it and he said that it looked like it was me who did it and not to worry about it, that it won't happen again. I'm totally expecting it to happen again.

 

[klpca]

Wow. That's crazy.

 

[SmithOp]

Thats a huge security flaw if hackers can get past 2FA!

I never use my ISP mailbox, Spectrum, maybe I should check it...


Sent from my iPad using Tapatalk Pro

 

[Ken555]

Thats a huge security flaw if hackers can get past 2FA!

That’s not what the OP wrote.


Sent from my iPad using Tapatalk

 

[SmithOp]

That’s not what the OP wrote.


Sent from my iPad using Tapatalk

Read #4 again.


Sent from my iPad using Tapatalk Pro

 

[Talent312]

... I asked him for location or the IP address of the person who changed it and he said that it looked like it was me...

There may be a flaw in their coding that allows someone to open the account without the password. A few months ago, someone tried to get around the password at our bank by using the forgot-password function. Fortunately for us, they were not successful.

Our ISP is Cox and we have two email accounts there which we use only to attract spam, but we never had a hacking issue.
.

 

[Ken555]

This sounds fishy. Either we are not getting the full story or else there is a fundamental problem with their service. And if it was with their service, then I’d expect we would have heard about it by now and there would be other impacted people.

I’d suggest the OP change passwords again and verify that the 2FA is configured properly. If Cox permits use of an authentication app instead of sending a text message, I would also use that method for auth.


Sent from my iPad using Tapatalk

 

[controller1]

This is very strange. We have Cox and I haven't had any issues with their security. We have two cox.net email accounts. One is used only for financial transactions and the other is used only for travel reservations. I change my passwords every 90 days or so and I have to receive an authorization code sent to my cell phone prior to making those changes. I have a gmail account that I use for general purposes and receive a ton of spam on that account.

 

[dioxide45]

Also make sure that email forwarding isn't turned on in your email account on the web. I had an issue a few years ago with Yahoo Mail. They have been hacked multiple times. The hacker had also set all emails to forward to a specific address. So if they ever lost access to the account, because I changed the PW, well they would still be able to get the emails. So they could use password resets that simply work through email. Financial institutions have certainly stepped up the game and have not just two but multi factor authentication. There are ways around SMS 2 factor authentication though.

 

[Ken555]

Also make sure that email forwarding isn't turned on in your email account on the web. I had an issue a few years ago with Yahoo Mail. They have been hacked multiple times. The hacker had also set all emails to forward to a specific address. So if they ever lost access to the account, because I changed the PW, well they would still be able to get the emails. So they could use password resets that simply work through email. Financial institutions have certainly stepped up the game and have not just two but multi factor authentication. There are ways around SMS 2 factor authentication though.

This is yet another reason why I prefer authentication apps vs text/email verification. You should always use an auth app if that option is available vs receiving an email or text.

 

[presley]

There are ways around SMS 2 factor authentication though.

This is yet another reason why I prefer authentication apps vs text/email verification. You should always use an auth app if that option is available vs receiving an email or text.

I have accidently found the way around the 2step text function. I wasn't looking for it. For obvious reasons, I don't want to post it. I am going to talk to my daughter about it later and she what she recommends.