Hacked!

[Guest]

At oh-dark-thirty this morning I got an email on my phone telling me that that my main Sonic.net account had been compromised and used to send spam all over the place. Got on the phone with support and took care of things. Thoughts:

1. Sending me an email to tell me that I can't use email seems a bit silly. The only way I knew there was a problem was that my phone uses IMAP push to check mail. Presumably in the fraction of a second between when Network Ops sent the email and the account became inaccessible, the phone was able to grab the message. If I had to rely on the POP client on my desktop box, I'd still be wondering why I couldn't get email or log into my account.

2. The Network Ops message told me to go to Member Tools and change my password. A fine idea, but since my account was locked, I couldn't log into Member Tools to use the Change Password tool.

Maybe it's time to make sure that account info on file includes alternative contact info--maybe another email address (Sonic or otherwise), cell phone, etc. Since I'm a DSL customer you've already got my landline number, but nobody gave me a call on that to tell me that there was a problem.

[kgc]

1) This is provide as much for auditing purposes as well as to make sure you've received the links to our password recommendations. It is also possible that the mail is forwarded, etc.

2) You can use the password reset tool without logging into to your account provided you are able to accept an automated call on one of your contact numbers and answer some other questions about your account.

We do have the ability to have an alternate contact address but it is not consistently used by all of our tools like this. (This is a long standing issue for us, and something that we continue to work on.)

[Guest]

Okay. I *thought* I'd gotten a phone call once before (context unknown) but I'm guessing it was some other problem than this particular issue.

[kgc]

I didn't mention that we also open a ticket internally and support will attempt to contact the account owner about the issue. You probably just beat them to it this morning.