Hello people my hotmail account has been hacked and they have changed my password and my 2fa security too on Microsoft sorry so now I can’t get in to my email address and it is my main email for everything like bank Xbox PayPal and etc i can’t even get in to my monzo as they have downloaded the app and got my email and have put it in and guessed my pin so now they are in my monzo account what can I do I need to get in to it
You didn’t have 2FA on if they could get into your email without it.
They can’t do anything in Monzo without your pin
Do they not need the card pin as well to get into the app? Funny we’ve had a few “hacked” incidents like this recently.
I figure OP was either referring to the backup contact info having been changed, or that the hacker has turned on 2FA.
ISTR that last time I logged in to my Monzo account on a new phone it asked me to enter my PIN before showing me anything. Think this change came in as part of the SCA changes. Unsure if it asks every time or not though.
When you sign in to a new device you’re asked for your pin number.
This all sounds very similar to this post where the person also had their email hacked and somehow someone got around the need for a pin.
Best thing to do is to either call the number on your card or contact Monzo via direct message on Twitter.
Well if there has ever been a great reason to have your 2FA on then the op is great example
If the op wasn’t fabricated then it would be. There’s no way the sequence of events happened as described. Without the PIN, no one could have logged into Monzo on a new phone. The op is either a troll or trying to intentionally damage Monzo’s reputation.
they guess my pin it was easy and is they anyway I can get the monzo email changed with out being longed in to so I can put my new email on it also I have tryed to recover my account from Microsoft but they won’t do anything as the 2 verification security is on and they have changed it somehow but going to call them tomorrow
Call the number of the back of your Monzo card
That’s one lucky guess at getting your pin correct
So they hacked his email and then guessed his 4 digital pin which is a 1 in 10,000 chance.
Calling BS on this
How was it easy? Did you set a poor PIN i.e. 1111 or your date of birth, or are you saying that you know how they cracked your PIN?
I was concerned so I decided to test this myself and there are some things that don’t add up.
- You must not have any security on your app, no biometrics or PIN to open the app?
- When you change your email address it sends you a verification email, upon opening it you need to enter your PIN
- If this was done on a new phone when you log in for the first time you need to verify it with your PIN
Therefore, for all of this to be true one of the following needs to have happened:
- Someone has guessed your PIN which is 1 in 10,000 chance so highly unlikely.
- You’ve been neglectful with your PIN. Either a weak PIN or you’ve exposed it.
I’m leaning towards #2 and since this is the one thing you’re supposed to safeguard it is likely going to be concluded that you were at fault - not the bank.
I’ve put aside the fact that they also hacked your email and guessed your password bypassing all security on there too. For example, location based, 2FA and brute force protection (guessing too many times incorrectly).
Pardon me for interjecting at this late stage, but I decided to test Monzo’s approach to mitigating a brute force by incorrectly entering my pin as many times as the system would allow, and may have accidentally ended up indefinitely locking myself out of my account since I can’t retrieve my ID during lockdown
Anyway, I believe by default, no one has any security on their Monzo app, so that’s not really the user’s fault.
In regards to asking for a pin when signing in on a new device, that doesn’t seem to always be true, or at least it didn’t used to a few years ago, but I don’t recall ever being asked whenever I would upgrade my iPhone either, though I could have just been on autopilot and not realised.
There is also no such thing as a “weak pin” as all pins have the same entropy, so it’s unreasonable to assign fault to the customer on the basis of their choice of pin, although commonly used pins, identifiable dates, or simple patterns should be discouraged, though not prevented. It’s been a while since I’ve researched this properly so the statistics may have changed, but it used to be, on the basis of probability, that 10% of PINs are guessable within 3 attempts.
I share your doubts, but it certainly isn’t impossible that this particular hack could happen, just improbable. To me, if their story is true, seems more likely they were phished into unwittingly providing someone with their security question answers for 2 step authentication and bank pin, unless of course the pin could have easily been deduced from their personal info once the hacker had access to the account.
Update: Regained access to my account! That was pretty decent support for Monzo, especially at 2am. Support replied within half an hour, advised me to take a photo of the floor for the ID step then proceed with the video selfie, and within a minute I was back into my account!
I’ve seen more realistic stories on Disney+
OP, are you going to be honest about all of this?
My email got hacked and I couldn’t log in so please help me out monzo
Hi Amri & welcome
The Monzo forum is a place where Monzo users and people interested in Monzo’ & Financial Tech discuss a wide range of subjects.
Unfortunately, no-one here can help with a fundamental issue of not being able to login to the app. Without access to the app, I can only recommend sending details of the problem to Monzo via email; email@example.com (using a secure email account)
Additionally, it might help to speed things up if you include a selfie with your ID documentation.
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.