cancel
Showing results for 
would you rather see results for 
Did you mean: 
Need help?

Tiscali email account compromised / hacked

ANSWERED
Reply
34 REPLIES 34
molko
Team Player

I do not have a talktalk account, i have an old tiscali accout that I access only through webmail.

 

The story goes is that I issued a password reset for quidco.com, however i never got the email from them - it was sent to tiscali.couk. I issued this password 13times in total and never got one single email to my tiscali.co.uk email.

 

I had a look in detail at my tiscali account, it appears that sometime in November 2018,  4 rules/filters were added to my tiscalii that fwd emails from quidco.com to 'chezare2014@mail.ru'. I defintly did not add these fwding rules, however i did remove them.

 

My tiscali login password was not changed, i have changed it since though. I have confirmed with talktalk customer support that the rules have now been removed (by me).

 

Any thoughts as to how this could have happened ?

Gondola
Community Star
Solution

Hi @molko

 

Your tiscali email account was compromised because the proof was there that emails were being forwarded to an unauthorised email account.

 

You may be able to determine where your tiscali email password was obtained from, if from another website data breach where you used the same or similar password, by checking your tiscali email address with the website haveibeenpwned.

 

What you must do now is scan all your devices with anti-virus and anti-malware software solutions just to make sure passwords aren't obtained by keyloggers.  It gives you the comfort of knowing that you're starting with secure devices before you start changing passwords.

 

List all the online logins where you've registered the tiscali email address.  If you've used the same or similar password elsewhere or if any password is not unique, or is too weak, then do update those passwords with ultra-strong multi-case letters, numbers and allowed symbols of at least 10-12 characters (is my minimum recommendation).  Advice from CyberAware about passwords. Advice from GetSafeOnline about passwords.

 

And your quidco account should be checked now.  Recovered if needs be and password changed there as well if you can still access it.  The hacker of your tiscali email account has had access to the password reset there. 

 

If you discover any fraud then the place to report that is ActionFraudUK.

 Gondola - Community support team

 To appreciate my help  . . .  If I offered a solution Best Answer

Community Team

Hi molko, please let us know how you get on. 

molko
Team Player

Hi

 

Managed to get my tiscali account back under control - my login password had not been changed, i removed the 'rules' that were fwd-ing Quidco emails elsewhere.

 

I also changed my tiscali email, but now have forgotten what I changed it to. Since I have no Talk Talk account and the tiscali account was setup over 15 years ago (when address details etc were not required) i can't get a password reset sorted out. Any ideas ? I've been onto Talk Talk 'chat' whilst pleasant the best solution they could come up with was to send a password reset email to my tiscali account - the account I don't have a password for !

 

Any ideas guys ?

Gondola
Community Star

Hi @molko

 

You say you changed your Tiscali email password to secure your email account and need to change it again. 

 

There are only two ways of changing the email password. One is via the TalkTalk customer MyAccount but you say you don't have access to MyAccount.  The other is via the Reset your Password option.

 

See if you recognise the hints for recovery. The password reset will be sent to either a mobile 'phone or an alternate email address you'd have set up previously.

 

Hints are given to 'remind' you of the 'phone number and recovery email address.  If it worked before it ought to work again so long as you have access to either means of recovery.

 Gondola - Community support team

 To appreciate my help  . . .  If I offered a solution Best Answer

molko
Team Player

The Reset your Password option is configured to send the password reset to the account I cannot access - this is not much use.

molko
Team Player

I have 'chatted' at length to customer services today and they cannot help.

 

I've had that account 15+ years, now becuase I have forgotten the password then its all gone - i've lost it all ? They can't issue a password reset or do anything. That is very poor. Theyre must be another option.

 

 

molko
Team Player

"If it worked before it ought to work again so long as you have access to either means of recovery."

 

To clarify, when i disovered the email breach i also realised they had not changed my passoword - so i was able to login to tiscali. I've never had a password reset through tiscali.

 

I then changed the password because of the breach, it is now that I can't remember it.

 

I have not access to TalkTalk account, I don't have a TalkTalk account.

I set the tiscali email up 15+ years ago when you didn't need to provide name, address, d.o.b etc

The Reset your Password option send the password reset email to the account (tiscali) that I cannot acccess because I don't know the password

 

So, what can i do ? Is there a number I can call ?

Gondola
Community Star

@molko wrote: I then changed the password because of the breach, it is now that I can't remember it.

How did you change the password?  The password reset doesn't send a reset to the email account you want to reset... that would be pure nonsense!

 

OK, so either we've got to get TalkTalk to create a new password for you or find the existing password. 

 

What browser do you use for Tiscali webmail?  For example, if you use Firefox and use that to save your passwords it's easy to find and see the saved password.

 

Do you use an email client like Thunderbird for your tiscali emails.  That has a password manager where you can find and see your email passwords.

 Gondola - Community support team

 To appreciate my help  . . .  If I offered a solution Best Answer

molko
Team Player

I dont use Thunderbird

I do use Firefox, it wasn't configured to store the password

TalkTalk did not create me a new password, it was of my own design

 

 

"The password reset doesn't send a reset to the email account you want to reset... that would be pure nonsense!" My tiscali account is the only email I have, where else could it be sent ?

molko
Team Player

"How did you change the password?" I issued a password reset, this is when I has access to the tiscali account i.e I had the password

Gondola
Community Star

OK, I see what's happening.

 

What I suggest you do, as soon as you get the Tiscali email account back in action, is create another free email account.  For example, a gMail or Yahoo email account. 

 

This is so that you do have at least one alternative email address to hand.  When the new TalkTalk mail is launched and your tiscali email is moved to the new platform you will be asked to create password recovery options using a mobile 'phone number and an alternative email address.  When you need password recovery you can then use the alternate email address to receive the password reset.  It will be the only way (along with the mobile number) to get password recovery as there will be no manual option offered.

 

But for now, there is a manual option.  The only downside is that you must prove you're the registered user of the tiscali email address.

 

What you do is double check that you've added to your Community Profile, Personal Information (Click here) your name, current address and phone numbers and then scroll down and add all of the following in the Private Notes area at the bottom of the page:

  • Email address affected
  • Your Full Name
  • Date of Birth
  • Landline 'phone number linked to the tiscali email address when first registered
  • Full postal address linked to the tiscali email address when first registered
  • Include your mobile contact number and times to call - daytimes when available in person to receive the password and speak to the email team
    (for security they won't leave a message with the password and they don't accept call backs)
  • Save changes.

TalkTalk's Community Team will verify the user details recorded for the email address and will confirm the next actions here.  The reply from the Team will be from Monday onwards as they don't normally work weekends.

 Gondola - Community support team

 To appreciate my help  . . .  If I offered a solution Best Answer

molko
Team Player

"But for now, there is a manual option.  The only downside is that you must prove you're the registered user of the tiscali email address."..........

 

And that my friend, is the hard part - you see, i set up the Tiscali account some 15+ years ago, in them days you didn't need to provide any ID at all. Since then TalkTalk have taken over Tiscali and things are a lot more regulated (as they should be).

 

So it seems its almost impossible to recover this account through a normal process.

 

Anyway the good news is that I have recovered my password - well, i say recovered it took me 80 login attempts (10 per hour) yesterday and I finally go it !!!.

 

So i'm pretty happy. I can now do what you suggest and create a secondary email account / mobile number etc in case it happens again.

 

Just makes me think of people who are in a similar postition to me - they are basically screwed !

You've been very helpful

 

Thanks

Gondola
Community Star

Hi molko

 

Great to know that you've remembered the password.

 

TalkTalk broadband customers have two ways of recovering a tiscali email account password. a) via MyAccount and b) via Password Reset with an alternate email address and mobile 'phone.

 

There is one very good reason why there should be no password change option using the existing email account and that's because if a hacker got to know your password, got into your email account (as they did) and then asked for a password change they'd be able to get that and fully take over your email account complete with a new password.

 

But for now, do keep your password safe and secure.

 

Scan all your devices with anti-virus and anti-malware.

 Gondola - Community support team

 To appreciate my help  . . .  If I offered a solution Best Answer

Community Team

Hi molko, I've replied to your other thread. I've raised the fault ticket for you.

Gondola
Community Star

Hi @OCE_Ady and @molko

 

Probably my fault for causing confusion here. Molko, your 'other thread' was removed from the live posts in Community because it duplicated the initial 'loss' of the password issue described in this thread.

 

Ady has replied to the offlined post, because it got flagged up in the Community Team workflow, and has requested a new ultra-strong password for you.

 

I hope that's ok.  So, just a heads-up to expect a call from the TalkTalk team on your mobile to run through security and give you the new ultra-strong password.

 

If you don't want to have a new password, now that you've discovered the original then do say.  My apologies for the confusion.

 Gondola - Community support team

 To appreciate my help  . . .  If I offered a solution Best Answer

molko
Team Player
No, please I do not want you to change my password without my knowledge - i'm guessing this is what you have done, i've just tried to log-in and can't ! I'm now locked out again !

Can you please put the password back to what it was
molko
Team Player

I'm mean this is pretty bad - I've been locked out of my account and now I need to wait for a call ?...When will that be ?

Community Team

Hi molko, I've asked Brendan to call you tonight after 6pm. If you want that call sooner please let me know. 

molko
Team Player

I'm still locked out.

 

"If you don't want to have a new password, now that you've discovered the original then do say." ....I did ask you not to change my password and you have.

 

I've been without access to this email account for two days now.