
Unauthorized Access, Telus Profile Locked

Myrmidon
Organizer

Hi All, I received an email from Telus to notify me that somebody tried unsuccessfully 5 times in a row to use my email address to log into My Telus (my account), resulting in temporary lockout. I would appreciate perspective to gauge the seriousness of this. How common is it? Have I been singled out? I have changed all passwords and will do so again just for peace of mind, but what more can I do? I have a call in with Telus Support to talk with them about it (there's a queue but they're supposed to call back shortly), but is there anything more that I can do, e.g., for protection, and to help catch and prosecute whoever is behind such activity? I would appreciate any thoughts.

1 ACCEPTED SOLUTION

xray
Hero
Did you change your password recently just before this happened?

While the lockbox is annoying and inconvenient your account should be safe if you used a strong password (8 characters min, mix of symbols, numbers and casing)

Thanks, Xray. 

  • No, I had not made any attempt to log in recently, much less change password (long overdue.)
  • I appreciate your response. When I described the situation over the phone yesterday, the technician said he would redirect my call to some organizational unit within Telus known as the "privacy group," but I was merely transferred back to the menu tree on the main support line, having the effect of 'making me go away.' Oh, well.

I'm setting some reminders in my calendar to make new strong passwords a few times over the next few weeks. I'll try to revisit this thread with an update if something related arises in days to come. Brighter day tomorrow... Regards

I'm not a proponent of changing password frequently. It's much better to stick with a really strong password that's impossible to guess.

I asked whether you changed your password recently because it's possible that some device you have with the My Telus app may have been trying to log in with the old password.

ExCTandS
Helpful Neighbour

I appear to have the same problem. Several attempts today, about 90 minutes apart. My password is 32 characters long with both upper and lower characters and some numbers, randomly generated by a password generator, then further randomized by me. I changed the password today too. Not so much worried about someone getting in as I am about the nuisance of an email every 90 minutes. Is there a way to stop this?

A search of "haveibeenpwned.com" shows a breach at Verifications.io, with my login e-mail as part of the data stolen. I've never been to this site.

 

Ray

ExCTandS
Helpful Neighbour

Oh, forgot to add, I changed my password after these attempts started, but had not changed it for some years prior.

 

Ray

NFtoBC
Community Power User

It seems Telus.com is the new darling of the hackers.

I received a message at 2:45 this morning.

 

NFtoBC
If you find a post useful, please give the author a "Kudo"

The problem has little to do with your password as long as you have a strong password that hasn't been used on a hacked site. Changing it will have no impact on the problem. These attempts to log on are pure guesses using your email address and commonly used passwords.

 

I'm curious, are those of you seeing this problem using your telus email address for your login? I don't so maybe that's why I haven't seen it.

I'm wondering if Telus is actually having problems with their security system.  I've been getting these messages for the last few days and today I went to change my password and it turned into a big runaround.  After changing my password successfully I thought I should change my email address as well since obviously guessing your telus.net email address isn't that difficult.  But try as I might I couldn't change my email address to my other various non-Telus email addresses - kept getting a message from Telus that "something had gone wrong" - like duh! I know that.

ExCTandS
Helpful Neighbour
I realized the last password had not been compromised. In fact it was years old, and only ever used at Telus "MyTelus", but just changed it on spec. I never use the same password on multiple sites, even here, at Telus, between this forum, my Telus/Gmail e-mail, MyTelus, etc.

Yes, I use my email address as my login ID, Xray. Kinda interested to see how long this bot keeps trying Credential Stuffing our accounts though. Read about Credential Stuffing here: https://www.wired.com/story/what-is-credential-stuffing/

Ray

bimmerdriver
Organizer

I've received the same email message a few times recently. When you receive such a message, it's not because someone found out your password. It's because they didn't. Receiving such an email message is not a reason to change your password, unless you're using a password that could possibly be readily guessed by someone who is trying to gain access to your account. If you're not sure about whether your password could possibly be guessed, check https://haveibeenpwned.com/Passwords.

The hackers either get your email address from hacking other sites or use a computer program to go through all the xxxxx @ telus.net combinations randomly. If they don't know your login they can't lock you out.

 

Here are a couple of options that should help with this annoyance:

  1. Change the email address for your Telus account to a non-Telus email address that you already use like gmail, hotmail, yahoo, etc. The chance that a hacker would associate a non-Telus email address with a Telus account is slim. I use a non-Telus email and haven't had the lockout issue at all.
  2. Add an email alias to your Telus email address with the following format: [your initials][your account number] @ telus.net and use that as your account email address. Or use any other long format that is not guessable and is unique. Don't use this alias anywhere else for login or correspondence.
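The thread offers two explanations for a lockout email: a bot working through a list of logins, or a single device retrying an old password. The sketch below is an added example, not part of any post and not Telus code, showing how a defender with failed-login records could tell the two apart. The record layout, the addresses, the sample data and the `MANY_ACCOUNTS` cut-off are all assumptions made for illustration.

```python
from collections import defaultdict

# Constructed sample of failed-login records: (minute, account, source).
# The record layout and every value are made up for this example.
FAILED_LOGINS = (
    [(m, "alice@example.net", "198.51.100.7") for m in range(0, 5)]
    + [(m, "bob@example.net", "198.51.100.7") for m in range(5, 10)]
    + [(m, "carol@example.net", "198.51.100.7") for m in range(10, 15)]
    + [(m * 90, "dave@example.net", "203.0.113.20") for m in range(5)]
    + [(3, "erin@example.net", "192.0.2.44")]
)

LOCKOUT_AFTER = 5   # the thread reports a lockout after 5 failed attempts
MANY_ACCOUNTS = 3   # assumed cut-off for "one source, many accounts"


def classify_lockouts(events, lockout_after=LOCKOUT_AFTER, many=MANY_ACCOUNTS):
    """Return {account: label} for every account that reached the lockout count."""
    accounts_by_source = defaultdict(set)
    sources_by_account = defaultdict(list)
    for _minute, account, source in events:
        accounts_by_source[source].add(account)
        sources_by_account[account].append(source)

    labels = {}
    for account, sources in sources_by_account.items():
        if len(sources) < lockout_after:
            continue  # too few failures to trigger the lockout email
        # How many different accounts did the busiest contributing source try?
        widest = max(len(accounts_by_source[s]) for s in set(sources))
        if widest >= many:
            labels[account] = "credential-stuffing"  # source walks a list of logins
        elif len(set(sources)) == 1:
            labels[account] = "single-source-retry"  # e.g. a device with an old password
        else:
            labels[account] = "unclassified"
    return labels


if __name__ == "__main__":
    for account, label in sorted(classify_lockouts(FAILED_LOGINS).items()):
        print(account, label)
```

Campaigns that rotate source addresses will not trip the per-source count, so a real deployment would add further grouping keys; the point here is only the distinction the thread draws between the two causes.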