Account hijacked

My account of 4 years has been hijacked. Password changed, e-mail changed, and 2FA enabled after these changes. Also, my subscription was changed from monthly to yearly, due for payment on 24 September. I was able to cancel that subscription; it was the only option that did not require my current password. All my profiles were deleted.

I already had a logged-on session in the browser, so I could still see this information.

The hijack was on me, since I did not have 2FA enabled and the hijackers probably used a reused password from a breach that I never got around to changing.

However, not receiving any notification that my password had been changed, not receiving notification that my e-mail had been changed (or even better, requiring a verification link from the old e-mail) or not having a cooldown period of a few days in which to revert the changes, that was on NextDNS. 

And not having any direct contact method for a paid service - this is inexcusable and I will not be returning to this service.

3 replies

    • bithip
    • 2 mths ago

    I recently changed my email address for one of my NextDNS accounts and don’t remember receiving any email notifications to my old email to approve the change. This might be a security feature they have overlooked implementing on the platform. I also hope they address this issue soon.
