main_icn_My_Vodafone main_icn_Search main_icn_Chevron_right main_icn_Chevron_down main_icn_Close main_icn_Menu social-facebook social-google-plus social-linkedin social-twitter social-youtube main_icn_Community_or_Foundation main_icn_Location main_icn_Network_signal
Menu Toggle
Announcements
Keeping the UK connected is our main priority. Find out how we're doing thishere.
Close announcement

Other broadband queries

2 users logged into router problem. Hacked?

Highlighted
3: Seeker

Hi there

Hoping someone can help. I got an alert from my phone last night from Vodafone which said something about a man in the middle something or other but I didn’t know what it was so didn’t take much notice until I found out what it was!

I have been online today and changed all of my router passwords and checked Mac addresses that were connected to the router. However when I logged onto the router it said two users were logged in so I am worried about what is happening. 
how can I sort this problem? What do I need to do? I have Norton antivirus and use a Vodafone modem/router. Do I need to buy a new router? Do I need to change all my passwords again?

View more options
4 REPLIES 4
Highlighted
10: Established

I honestly don't think Vodafone would even know if you were the victim of a man in the middle hack and even if they did they wouldn't tell you. I don't think a modem could be affected by such a hack, it only happens if you are logged in through a 3rd party Wi-Fi connection, such as a coffee shop etc.

The 2 users are probably you logged in through different browsers or tabs.

 

This is just my opinion but I think the message was just some form of phishing scam.

 

View more options
Highlighted
16: Advanced member

I'm with Jayach on this!  I'd be examining the message that you received, and ensuring that you didn't follow any links in it as it could be an attempt at social engineering details out of you.  If you've used any links in the message to get to pages where you changed passwords, then I'd change them again.

I presume when you talk about the router password you mean the password associated with the WiFi SSID.  If not then changing it now should mean that any devices connected by WiFi will need to be given the new password (in this case do not use WPS).

 

I'd still be extra vigilant for a few days though, and if you suspect any card details may have been hijacked block and replace those cards.

 

*There is a situation where you get a DHCP request mismatched sync that on many routers can end up showing one device as two (or more).

 

View more options
Highlighted
3: Seeker

Thank you for your help!

The message came through as a notification at the top of my phone but I couldn’t find it in my notification centre once it has gone. I have made the broadcast hidden, changed the hub password and the wireless password. I didn’t clock on any links in the message. Your advice would now just be to monitor bank statements etc to check that nothing has been harvested and change any passwords? There’s nothing else I need to do? 


There were a couple of MAC addresses for devices I couldn’t find out what they were that had been logged onto the Wi-Fi and I have blocked these. 

View more options
Highlighted
10: Established

If you have locked down the router by changing both passwords there not much more you can do there. Fortunately most important online services require 2FA now so they should be safe.

You will probably find what the 2 MAC addresses are when something doesn't work.😄

View more options