So on Tuesday there was a voice message on my phone saying that my Xnet account had been compromised and they had logged another connection logging in while I was connected. They suggested I call them when I got the message.


When I called them they didn't really have much info for me other than they thought that the connection was made through a RAN than was in the Auckland area where I'm located in the lower South Island. Also that there had been extra data usage. From what I could see there was about 10 - 15 gig downloaded at night which doesn't matter much as I'm on the torrent plan.


The things that concern me about the whole thing is the person would have needed to know my Xnet User name which is unique to Xnet and not used any where else (I don't use the Xnet email system). The person would have needed to know my password which is random numbers and letters. The other thing is the person would have to be a Xnet customer to have the tunnel to Xnet to use my account details and not with another ISP.


The only place I access my Xnet account is at home on my own computer or at work on my work computer which is only used by me as I am the System Administrator there. I've gone through both computers with a fine tooth comb to make sure they are infection free which they are. I also double checked my router (US Robotics 9108) to make sure it was still locked down, which it is. It can only be accessed to be configured etc via the internal LAN.


Being a Systems Administrator, when something like this happens I like to get to the bottom of it so it doesn't happen again. Any ideas?




On a side note when I called Xnet to return there call, they didn't ask for any of my details. No account number, my name or any security details to even verify who I was. I didn't even call from a phone number associated with the account. I feel that was rather slack of Xnet considering what had just happened to my account and then offering to change my password over the phone.