Been hacked

Hello people my hotmail account has been hacked and they have changed my password and my 2fa security too on Microsoft sorry so now I can’t get in to my email address and it is my main email for everything like bank Xbox PayPal and etc i can’t even get in to my monzo as they have downloaded the app and got my email and have put it in and guessed my pin so now they are in my monzo account what can I do I need to get in to it

You didn’t have 2FA on if they could get into your email without it.

They can’t do anything in Monzo without your pin

Do they not need the card pin as well to get into the app? Funny we’ve had a few “hacked” incidents like this recently.

6 Likes

I figure OP was either referring to the backup contact info having been changed, or that the hacker has turned on 2FA.

@OriginalTurn3r - Method 2 on this article suggests that there is a form that can be filled out to report to Microsoft that your account has been hacked, even if you can’t currently access it.

ISTR that last time I logged in to my Monzo account on a new phone it asked me to enter my PIN before showing me anything. Think this change came in as part of the SCA changes. Unsure if it asks every time or not though.

4 Likes

When you sign in to a new device you’re asked for your pin number.

This all sounds very similar to this post where the person also had their email hacked and somehow someone got around the need for a pin.

Best thing to do is to either call the number on your card or contact Monzo via direct message on Twitter.

3 Likes

Well if there has ever been a great reason to have your 2FA on then the op is great example

1 Like

If the op wasn’t fabricated then it would be. There’s no way the sequence of events happened as described. Without the PIN, no one could have logged into Monzo on a new phone. The op is either a troll or trying to intentionally damage Monzo’s reputation.

4 Likes

they guess my pin it was easy and is they anyway I can get the monzo email changed with out being longed in to so I can put my new email on it also I have tryed to recover my account from Microsoft but they won’t do anything as the 2 verification security is on and they have changed it somehow but going to call them tomorrow

Call the number of the back of your Monzo card

That’s one lucky guess at getting your pin correct :thinking:

1234?

3 Likes

So they hacked his email and then guessed his 4 digital pin which is a 1 in 10,000 chance.

Calling BS on this :rofl:

2 Likes

How was it easy? Did you set a poor PIN i.e. 1111 or your date of birth, or are you saying that you know how they cracked your PIN?

I was concerned so I decided to test this myself and there are some things that don’t add up.

  1. You must not have any security on your app, no biometrics or PIN to open the app?
  2. When you change your email address it sends you a verification email, upon opening it you need to enter your PIN
  3. If this was done on a new phone when you log in for the first time you need to verify it with your PIN

Therefore, for all of this to be true one of the following needs to have happened:

  1. Someone has guessed your PIN which is 1 in 10,000 chance so highly unlikely.
  2. You’ve been neglectful with your PIN. Either a weak PIN or you’ve exposed it.

I’m leaning towards #2 and since this is the one thing you’re supposed to safeguard it is likely going to be concluded that you were at fault - not the bank.

I’ve put aside the fact that they also hacked your email and guessed your password bypassing all security on there too. For example, location based, 2FA and brute force protection (guessing too many times incorrectly).

1 Like

Pardon me for interjecting at this late stage, but I decided to test Monzo’s approach to mitigating a brute force by incorrectly entering my pin as many times as the system would allow, and may have accidentally ended up indefinitely locking myself out of my account since I can’t retrieve my ID during lockdown :see_no_evil:

Anyway, I believe by default, no one has any security on their Monzo app, so that’s not really the user’s fault.

In regards to asking for a pin when signing in on a new device, that doesn’t seem to always be true, or at least it didn’t used to a few years ago, but I don’t recall ever being asked whenever I would upgrade my iPhone either, though I could have just been on autopilot and not realised.

There is also no such thing as a “weak pin” as all pins have the same entropy, so it’s unreasonable to assign fault to the customer on the basis of their choice of pin, although commonly used pins, identifiable dates, or simple patterns should be discouraged, though not prevented. It’s been a while since I’ve researched this properly so the statistics may have changed, but it used to be, on the basis of probability, that 10% of PINs are guessable within 3 attempts.

I share your doubts, but it certainly isn’t impossible that this particular hack could happen, just improbable. To me, if their story is true, seems more likely they were phished into unwittingly providing someone with their security question answers for 2 step authentication and bank pin, unless of course the pin could have easily been deduced from their personal info once the hacker had access to the account.

Update: Regained access to my account! That was pretty decent support for Monzo, especially at 2am. Support replied within half an hour, advised me to take a photo of the floor for the ID step then proceed with the video selfie, and within a minute I was back into my account! :blush:

1 Like

I’ve seen more realistic stories on Disney+

OP, are you going to be honest about all of this?

1 Like

See here:

4 Likes

My email got hacked and I couldn’t log in so please help me out monzo

Hi Amri & welcome :wave:

The Monzo forum is a place where Monzo users and people interested in Monzo’ & Financial Tech discuss a wide range of subjects.

Unfortunately, no-one here can help with a fundamental issue of not being able to login to the app. Without access to the app, I can only recommend sending details of the problem to Monzo via email; help@monzo.com (using a secure email account)

Good luck :crossed_fingers:

Additionally, it might help to speed things up if you include a selfie with your ID documentation.

1 Like