

MattLNZ

4 posts

Wannabe Geek


#319058 18-Mar-2025 18:11

Not sure if anyone is in a similar boat, but I've received an email from 2degrees stating that my account was part of a data breach.
They don't mention how many accounts were accessed, they just say "Some". 

Pretty shocking from them.

I only have broadband with 2Degrees and after changing passwords, it appears they require a 2Degrees only number to be added to the account to be sent a verification code to reaccess the account. 

 

 

 

Advise changing your password asap if you have received this.


l43a2
1784 posts

Uber Geek
+1 received by user: 591

ID Verified
Trusted

  #3354963 18-Mar-2025 18:32

It sounds like they need to work better on bots trying random account combos.








RunningMan
9184 posts

Uber Geek
+1 received by user: 4834


  #3354964 18-Mar-2025 18:33

Assuming that is a genuine communication, my read of that is YOU have been hit with a data breach, not 2degrees.

 

Your account has been logged on to using credentials from a different data breach where the same email/password combo was in use, which is why it is important not to share passwords across organisations.

 

Most likely your email address will show up in https://haveibeenpwned.com/ 

 

2degrees are advising you they've detected unusual logon activity and reset the password as a result.

 

Assuming that's the case, I don't think it's shocking of them at all.


freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3354965 18-Mar-2025 18:33

I don't have all the official information yet but it seems to be a password stuffing attack - people reusing passwords.





Referral links: Quic Broadband (free setup code: R587125ERQ6VE) | Samsung | AliExpress | Wise | Sharesies 

 

Support Geekzone by subscribing (browse ads-free), or making a one-off or recurring donation through PressPatron.

 




freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3354966 18-Mar-2025 18:36

If you received the notification, you most likely had your email/password combination leaked somewhere else.

 

Check https://haveibeenpwned.com/ for email or password leaks.

 

On a side note, if you reuse a leaked password on Geekzone you will receive a notification and won't be allowed to login until you reset your password. We use the haveibeenpwned API to check for passwords. 






 


MaxineN
Max
2049 posts

Uber Geek
+1 received by user: 1662

ID Verified
Trusted
Subscriber

  #3354971 18-Mar-2025 18:45

freitasm:

 

If you received the notification, you most likely had your email/password combination leaked somewhere else.

 

Check https://haveibeenpwned.com/ for email or password leaks.

 

On a side note, if you reuse a leaked password on Geekzone you will receive a notification and won't be allowed to login until you reset your password. We use the haveibeenpwned API to check for passwords. 

 

 

 

 

Side note:

Is this API easy to set up and integrate?

 

 

 

On topic:

Ahhh fudgeballs.

 

 

 

Also I have no option to reset my password and my account is in the very very old CRM (aka siebel).

 

 

 

edit: Found the option but.


I think I broke it.





Ramblings from a mysterious lady who's into tech. Warning I may often create zingers.


RunningMan
9184 posts

Uber Geek
+1 received by user: 4834


  #3354977 18-Mar-2025 19:14

MaxineN: I think I broke it.

 

 

Doh!


 
 
 
 

tardtasticx
3084 posts

Uber Geek
+1 received by user: 483


  #3354985 18-Mar-2025 19:57

Reused passwords and made worse by the fact that for the longest time 2degrees sales agents set a password for the customer, and it wasn’t required to be changed. Most agents were likely using the same password based on the one I was given (based on talking to family and friends who are also with 2degrees)


4n6expert
10 posts

Wannabe Geek
+1 received by user: 18

ID Verified

  #3354987 18-Mar-2025 20:11

RunningMan:

 

Assuming that is a genuine communication, my read of that is YOU have been hit with a data breach, not 2degrees.

 

Your account has been logged on to using credentials from a different data breach where the same email/password combo was in use, which is why it is important not to share passwords across organisations.

 

Most likely your email address will show up in https://haveibeenpwned.com/ 

 

2degrees are advising you they've detected unusual logon activity and reset the password as a result.

 

Assuming that's the case, I don't think it's shocking of them at all.

 

 

That is how I read it.

 

Instead of it being "pretty shocking" on their part, it actually shows they are on to it by detecting it and acting quickly to address the problem.  The data breach notification would be on the basis that by accessing customers' 2degrees accounts the attackers may have obtained customer information stored by 2degrees.  They've acted responsibly by disclosing the issue PDQ even when it wasn't their fault.

 

Interesting that the attackers added a Prime Video subscription...

 

D.



snj
305 posts

Ultimate Geek
+1 received by user: 221


  #3354990 18-Mar-2025 20:22

4n6expert:

 

Interesting that the attackers added a Prime Video subscription...

 

 

I'm guessing they're activating the Prime Video subscription, then using the free Twitch subscription to bot subscribe to a channel they control, which allows the attackers to profit from the subscriptions.


RunningMan
9184 posts

Uber Geek
+1 received by user: 4834


  #3354991 18-Mar-2025 20:25

tardtasticx: Reused passwords and made worse by the fact that for the longest time 2degrees sales agents set a password for the customer, and it wasn’t required to be changed. Most agents were likely using the same password based on the one I was given (based on talking to family and friends who are also with 2degrees)

 

 

That's concerning.


freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3355001 18-Mar-2025 21:18

Ok, here is an official communication:

 

 

Our security team identified that a number of customers have had their My 2degrees portals accessed without consent. 
 
We suspect this occurred due to an unauthorised third-party obtaining email addresses previously linked to weak or reused passwords and using these to maliciously access customers' accounts.
 
2degrees has not been the source of the data breach.
 
We have taken several steps to mitigate the impact of this on customers.
 
We have locked down those accounts we identified and forced a password reset.  We have blocked suspicious IP addresses attempting illegitimate access requests and taken other measures to protect our customers. 
 
When these customers log into their 2degrees account they will be required to set up a new password.
 
We are recommending customers update their accounts with a strong and unique password that contains a mix of letters, numbers and special characters.
 
We also recommend customers check any sites which have used the same login credentials and update these.

 

 

 






 


freitasm
BDFL - Memuneh
80646 posts

Uber Geek
+1 received by user: 41030

Administrator
ID Verified
Trusted
Geekzone
Lifetime subscriber

  #3355003 18-Mar-2025 21:19

Seeing this is not a 2degrees data breach, I have changed the subject in this thread.






 


MadEngineer
4591 posts

Uber Geek
+1 received by user: 2570

Trusted

  #3355004 18-Mar-2025 21:26

Download via torrent any of the largest password dumps you can find then zgrep it for your email address. 

 

Tell us you recycle passwords without telling us you recycle passwords. 

 

While looking through the password dumps, discover that those that are doing this also have a bad habit of using very simple passwords. 





You're not on Atlantis anymore, Duncan Idaho.

michaelmurfy
meow
13579 posts

Uber Geek
+1 received by user: 10910

Moderator
ID Verified
Trusted
Lifetime subscriber

  #3355024 19-Mar-2025 00:54

Hey @MattLNZ - I'm mentioning you as this is important.

 

It is highly likely you've been involved in a password breach. As above, please check your email addresses in https://haveibeenpwned.com/ 

 

Please cease use of this password ASAP and consider using a password manager to set random, secure passwords across all your sites. This is easy and here is a simple how-to video for Bitwarden (the password manager I recommend) -

 

 

There is also a password manager likely built into the web browser you're using, on your phone etc but Bitwarden is fully cross platform and easy to use so I would recommend that above everything else.

 

I can't stress this enough - if you've got this email, you've likely been involved in a breach. If this password is used anywhere else (banking, email or anything sensitive) you need to go through and change these ASAP.

 

This also goes for anyone else who received this email. Please, take it seriously and use this reminder to secure yourself.





Michael Murphy | https://murfy.nz
Referral Links: Quic Broadband (use R122101E7CV7Q for free setup)

Are you happy with what you get from Geekzone? Please consider supporting us by subscribing.
Opinions are my own and not the views of my employer.


MattLNZ

4 posts

Wannabe Geek


  #3355063 19-Mar-2025 10:10

Thanks all. Looks like it is my account. I have secure password managers and 2degrees is one that I possibly missed and never set up with my pw manager. I don't ever recall logging into their dashboard or even what the password was as everything is auto, billing etc. I was a customer since the Snap days.

 

After changing the password, I can't access my account so will need to contact their call centre.

