Beginning with yet another mobile phone mast outage (the price you pay for rural living) I was surprised to discover I had no signal when I went to town. A quick visit to the Orange shop led the ‘specialist’ to determine that my phone was broken. Despite it being 3 days out of warranty (call me unlucky Alf) I made a call to Orange myself (since the store staff wouldn’t do it) and they decided to send me a replacement. A couple of hours later they called to say that there was no need as my phone had been blocked. It took me a few more calls to find out why. Coincidentally at the same time as the mast outage (over 3 days), one person in London had managed to bypass Orange security and order a new phone (on a new 24 month contract), whilst a second person in a completely different place (Dagenham) had managed to order a replacement for a lost phone. Both were trapped in the system (though I was never contacted to inform me that my account may have been compromised).
Now the only way I discovered all this was because I just received a letter two weeks after the event welcoming me to my new contract which I thought was somewhat odd, especially as it had gone up by £15 per month.
I tried to sign in online and my password didn’t work. It turns out that someone had reset it. Worse than that I was able to reset it myself over the phone with very basic information – name, address, date of birth and one other simple piece of information from the pool of questions.
My case is currently under investigation since I have also been charged for a new handset (which Orange have kindly refunded), but the lesson is simple:
Get yourself equipped with a secure password system such as lastpass (lastpass.com) and make sure you tighten up where the service provider may exhibit poor telephone security.
Call your provider, reset your password and make sure that they flag it on the system to disallow the bypassing of a password using any other means.