Do You Lose Cox.net Email If Tou Cancel Service

A Scottsdale Cox customer logged into her email and saw nine other people's accounts.

Something was definitely wrong when Elizabeth Dinnerstein of Scottsdale signed into her Cox email account late last month.

In addition to her ain mail, she saw the electronic mail accounts of nine other people — strangers — and she could open and read their messages. All of them.

She called Cox, and a customer-service representative told her the communications visitor would look into it.

A week subsequently, when she still had access to the strangers' emails, including bank statements, spam, personal messages, automobile registration reminders and everything else, she called Cox again.

When they told her again they would wait into it — a response she found highly unsatisfactory — she called The Arizona Democracy.

"I can see this lady's Chase bank statement!" she told a reporter equally she perused the stranger's emails that were mysteriously linked to her business relationship.

Dinnerstein immune a reporter to view her email and the 9 other accounts that were appearing on her account. After Cox tried to address the issue following her 2nd call, all ix still showed upwardly in her account, but messages and content were accessible in only three of them.

In those three accounts were emails containing credit carte and investment-business relationship information, mortgage statements, an social club history from Amazon.com and a variety of individual messages. All of the customers' sent letters and other email documents were accessible.

The curious situation was a new one for Jacob Prosser, a director of technology for Cox in Atlanta.

"Personally, this is the kickoff fourth dimension I've seen this utilize example," he said.

This screenshots was taken while logged into Elizabeth Dinnerstein's email account with Cox Communications. It shows she was able to access the accounts of nine strangers, including their inbox, sent messages, and personal files.

Dinnerstein said a customer-service representative told her the company had a backlog of similar complaints to address. Just a visitor representative after said that was a miscommunication, for which Cox apologized, and that no other such cases exist.

"I feel for Ms. Dinnerstein," Cox Vice President of Public and Government Affairs Susan Anable said. "It really is unfortunate what happened with her. We are pitiful the communication with her initially wasn't clear, and for that nosotros apologize."

Later on more than than a week, Cox somewhen was able to unlink all of the accounts except i, which different the others, was an AOL.com account. It is unclear if that electronic mail account is still in use.

'This all makes sense now'

Mike Tokle, who retired from law enforcement and lives in California, was one of the customers whose electronic mail was compromised and linked to Dinnerstein'south account.

Reached at his home by telephone, he said Cox did not call him to let him know his information was attainable to a stranger.

He may take received an email though. He hadn't checked. He canceled Cox a month ago, he said, but his e-mail account is active for another ii months, a courtesy Cox provides customers.

And so even though he has moved to a Gmail account, his Cox account — and all the messages in it — was still out there, accessible to whomever had the password.

He said that around the same time he canceled his Cox service, he began having problems with his Facebook, Amazon and other accounts.

"This all makes sense now," he said when told by a reporter that his email had been compromised.

Dinnerstein too said she had various accounts hacked, predating her recent problem with her e-mail.

How did it happen?

Prosser, the Cox technology official, confirmed the email accounts were linked, but said the consequence was non the company's fault, and that the 10 users all had their emails compromised by someone who was able to obtain their passwords.

"Because they had the credentials for other customers, they entered the email address and passwords i past one so it brought the email into their experience likewise," Prosser said. "Probably only to make information technology easier to manage, they had anybody they had compromised in one identify."

Prosser could not explain why someone would merge random customers' emails in such a way.

Dinnerstein and two technology experts contacted past The Republic were skeptical.

"A hacker didn't do this," Dinnerstein said. "Why would a hacker do that? And then he can go into all these accounts so they are all consolidated? That wouldn't be something they would do. They would link my business relationship silently to their own account. Not link nine others."

Prosser said that like any email provider, Cox customers frequently have their passwords compromised and have intruders access their electronic mail.

"Nosotros encourage customers to set strong passwords, regularly alter them and never share with others," Anable said in an email. "And if consumers meet suspicious action, they should contact their account provider direct, like Ms. Dinnerstein did."

Cox doesn't warning police force enforcement to such breaches, merely volition cooperate with whatsoever investigation brought to them, she said.

Calculator security experts skeptical

2 experts contacted by The Commonwealth to discuss Dinnerstein'south situation likewise had never heard of such a case, and both were initially skeptical that it was acquired by a hacker, maxim it sounded similar a trouble with Cox and the way it manages credentials.

Just Prosser remained determined that Cox did not inadvertently link the accounts, and they were instead intentionally linked by someone who obtained all 10 customers' passwords.

Ken Colburn, the founder and CEO of Data Doctors Computer Services, a franchised chain of repair centers, said the explanation from Cox was "feasible" but unusual.

"If it was a hacker, information technology is pretty unsophisticated," Colburn said.

Usually a hacker would try to access consumer data without doing anything to tip off the victim, like consolidating multiple email accounts into one.

Jamie Winterton, director of strategic research at the Global Security Initiative at Arizona State University, agreed.

"It is also not articulate to me what the motivation would exist for a hacker in this scenario," Winterton said. "For what purpose, right? Obviously Elizabeth was not the 1 hacking these accounts or she would not call you."

How to prevent getting hacked

Setting bated the question of how the electronic mail accounts were linked and why it took more than a calendar week for Cox to unravel the trouble, experts say there are steps all consumers should take to avert their accounts being compromised.

Winterton said that if the accounts really were compromised past someone who had all x passwords, Cox could accept prevented the problem past using a two-cistron hallmark. That's when a user not only must provide a countersign, merely besides a second, temporary password that is sent to them via text message or other ways.

"A unproblematic check via two-factor hallmark should exist employed in a situation where and then much personal information is at gamble for exploitation," Winterton said. "If 2FA had been employed, the victims would've gotten a text message, or an e-mail at another account, asking if they wanted to merge their accounts, and giving them the option to reject information technology. Certainly under these circumstances, they would've said 'no,' and this whole affair would have been avoided."

Colburn simply recommends not using a free email account with a company such as Cox, where the service is ancillary to their cablevision, internet and phone service.

He says that email programs at companies like Cox are non turn a profit centers, similar email is to companies like Google, and every bit such, they don't get adequate resources.

Colburn said Google'south Gmail service is superior in its consumer protections. Consumers who want to use a program like Cox or don't want to give upward an onetime, familiar e-mail address tin can set upwardly a Gmail account and take their Cox or other account messages forwarded to it, thus enabling all of the protections in the Gmail program.

Doing so nevertheless requires a potent password on the old account to prevent intruders.

To help set up and not lose challenging passwords, Winterton recommends using a countersign manager, a paid service that generates and saves complex passwords for customers, making it much more difficult for anyone to break into their online accounts.

"What nosotros cyber experts told people for a long fourth dimension was, don't tell anybody your password," she said. "Now we are telling you to tell your passwords to a password director. It took me a long time (to accept this change), too."

Has your email been hacked? Attain reporter Ryan Randazzo at ryan.randazzo@arizonarepublic.com or 602-444-4331. Follow him on Twitter @UtilityReporter.

Support local journalism. Subscribe to azcentral.com today.