Tata Neu / 1mg account hacked ? or how does it even happens

any idea how this could be possible?

@quantum @Mayavi @Bk100 @guest_999 @Random123 @kartikxxx

why number was switched off? sim swap fraud?

If your linked email is gmail than leaked gmail password on darkweb is used to login to Apps where gmail address is your username. You may be using same password for gmail and other apps or saving passwords in chrome browser 

Jarvis.-. wrote:

why number was switched off? sim swap fraud?

that was my secondary number which is normally used for all apps specifically, no bank accounts or credit cards are linked to that number. so I use that number/phone occasionally only when required , the phone was switched off hence 

aam_aadmi wrote:

If your linked email is gmail than leaked gmail password on darkweb is used to login to Apps where gmail address is your username. You may be using same password for gmail and other apps or saving passwords in chrome browser 

I haven't linked gmail account to 1mg/tataneu app, but had manually provided it, also taatneu/1mg doesn't ask for password to login right, it is based on OTP 

For the gmail account - I have enabled 2-Step verification, updated password and recovery email 

IamRage wrote:

I haven't linked gmail account to 1mg/tataneu app, but had manually provided it, also taatneu/1mg doesn't ask for password to login right, it is based on OTP 

For the gmail account - I have enabled 2-Step verification, updated password and recovery email 

Do you have access to email registered in the hacked 1mg account? Does it show any indications of unauthorised access or OTP received in trash or deleted items?

Try raising a return request for the delivered order.

Not sure how it is possible.

aam_aadmi wrote:

Do you have access to email linked to the hacked 1mg account? Does it show any indications of unauthorised access or OTP received in trash or deleted items?

Try raising a return request for the delivered order.

yes, I have access to that email, today I have enabled 2-step authentication and changed password.  it doesn't indicates any unauthorized login attempts and no OTPs receive nothing in spam/bin too
also 1mg / tata neu doesn't allow gmail login, there is no such option then how could have some gained access using gmail

IamRage wrote:
yes, I have access to that email, today I have enabled 2-step authentication and changed password.  it doesn't indicates any unauthorized login attempts and no OTPs receive nothing in spam/bin too
also 1mg / tata neu doesn't allow gmail login, there is no such option then how could have some gained access using gmail

Is their any 1mg login OTP recieved in your registered mobile number? Is your simcard active in that number? Getting calls and other SMS or not?

Check Google account security tab, for list of logged in devices and new login sessions as in below snapshot.

If you have the contact number of the delivery address, simply call the receiver and question him.

IamRage wrote:

any idea how this could be possible?

@quantum @Mayavi @Bk100 @guest_999 @Random123 @kartikxxx

It seems two people's accounts got messed up.

This is not a case of hacking/fraud as the person who ordered via cod and sometimes neucoins got auto selected.

It seems to be a tataneu issue.

--------

Old incident - i had faced a similar issue with Flipkart, same account but access was given to two people me and my friend, since he was my friend he informed me that something is not right. So i called fk cc and told them, they were unaware or unable to see anything, issue got resolved by it's own.

aam_aadmi wrote:

Is their any 1mg login OTP recieved in your registered mobile number? Is your simcard active in that number? Getting calls and other SMS or not?

Check Google account security tab, for list of logged in devices and new login sessions as in below snapshot.

Yes, I turned on the phone after charging it, there is messages from ONEMG, so the login was attempted via OTP. how could they get access to my sim 😨 
nothing unusual in gmail, all devices and login sessions are genuine 

IamRage wrote:
Yes, I turned on the phone after charging it, there is messages from ONEMG, so the login was attempted via OTP. how could they get access to my sim 😨 
nothing unusual in gmail, all devices and login sessions are genuine 

Some sharing software could have been installed by clicking on an unknown link or pop up scripts from porn sites.  Mobile Given for repair to a local technician?

Some apps can share all your mobile data including gmail messages, call details and sms even when mobile is switched off.

Check your device thoroughly for unknown app installed in settings. More serious issues can happen later. If anything appears suspicious, you should do a factory reset of the handset.

If order is appearing in your 1mg history, try to place return request. 

aam_aadmi wrote:

Some sharing software could have been installed by clicking on an unknown link or pop up scripts from porn sites.  Mobile Given for repair to a local technician?

Some apps can share all your mobile data including gmail messages, call details and sms even when mobile is switched off.

Check your device thoroughly for unknown app installed in settings. More serious issues can happen later. If anything appears suspicious, you should do a factory reset of the handset.

If order is appearing in your 1mg history, try to place return request. 

never gave for repairs, couldn't find any unknown apps
that phone is rarely used in last few months. used only for getting OTP's mainly 

kafi imandar hacker ha jo COD order kara

hamare to pay later sa kar deya😳

kartikxxx wrote:

It seems two people's accounts got messed up.

This is not a case of hacking/fraud as the person who ordered via cod and sometimes neucoins got auto selected.

It seems to be a tataneu issue.

--------

Old incident - i had faced a similar issue with Flipkart, same account but access was given to two people me and my friend, since he was my friend he informed me that something is not right. So i called fk cc and told them, they were unaware or unable to see anything, issue got resolved by it's own.

seems like fraud only

I called that person for whom the order was made, he is old aged person (age around 67 as per the medical report attached in the order). he is telling some 1mg agent had placed online medicine order for them and apart from that he doesn't have any idea

@aam_aadmi 

1mg team closed the case saying there is no possibility of this as app is secured via OTP and no cancellation or refund 

IamRage wrote:

seems like fraud only

I called that person for whom the order was made, he is old aged person (age around 67 as per the medical report attached in the order). he is telling some 1mg agent had placed online medicine order for them and apart from that he doesn't have any idea

@aam_aadmi 

1mg team closed the case saying there is no possibility of this as app is secured via OTP and no cancellation or refund 

Write a strong email to 1Mg customer care ([email protected] ; [email protected]), mentioning the conversation with the recipient and order was placed by 1mg agent who used your account and its neu coins, which amounts to fraud.

Name: Ms Siji George
Email: [email protected]
Phone: 08047485608

Name: Mr. Anubhav Mehrotra
Email: [email protected]
Phone: 08047485609

Telephonically call nodal officer and threaten them to lodge an FIR with cybercrime against 1MG, if you don't get any resolution within few days. Post the complaint with details on their Twitter handle to let others also know.

Although it is possible that 1mg agent may have used your dormant inactive account for a COD order for another person by telephone, without any intention of fraud and neu coins got adjusted automatically. It also justifies that your email & mobile is not hacked but your 1mg account used by their own executive. 

Try asking telephone number of 1mg agent from the reciever from his call history

aam_aadmi wrote:

Write a strong email to 1Mg customer care ([email protected] ; [email protected]), mentioning the conversation with the recipient and order was placed by 1mg agent who used your account and its neu coins, which amounts to fraud.

Name: Ms Siji George
Email: [email protected]
Phone: 08047485608

Name: Mr. Anubhav Mehrotra
Email: [email protected]
Phone: 08047485609

Telephonically call nodal officer and threaten them to lodge an FIR with cybercrime against 1MG, if you don't get any resolution within few days. Post the complaint with details on their Twitter handle to let others also know.

Although it is possible that 1mg agent may have used your dormant inactive account for a COD order for another person by telephone, without any intention of fraud and neu coins got adjusted automatically. It also justifies that your email & mobile is not hacked but your 1mg account used by their own executive. 

Try asking telephone number of 1mg agent from the reciever from his call history

Have already written a strong email to grievance officer asking certain details like mode of the order, current active sessions, current active devices etc. post the call also had provided the details of the agent who made the order, their latest reply was "we will get back to you with a comprehensive update on your complaint in the next 24-48 hours"

My tataneu account is not a dormant one, I am using regularly the last order was made on 9th Nov for which I had received the cashback  of 360rs which was used in this order but my concern is not the amount it is more on the personal data, health records and also my tata neu hdfc infinity credit card which is linked in this account which can get misused if my account/phone is compromised also the future cashback which I get from credit card.
Also it doesn't seems like a telephonic record, there were 2 health records attached in the order, how can they attach this if the order was a telephonic one else some real tata 1mg employee who has backend access had helped them to place the order

Bhai ye kisi internal bande ka kaam hoga.

Same happened with me in 2022 with bewakoof account. I had refund money in bewakoof wallet and someone gained access without sending otp. Later turned out that it was some employee of bewakoof / internal person who gave information about account with money to some hacker and hacker hacked using some backdoor. Because same thing was happening with many users having money in their wallet

Lol, the same scamer send me promotional msg in WhatsApp mentioning 1mg partner offer

Hi bro,If I use tata Neu infinity card of my friend in my tataneu app,who will get 5% neu coins for purchase on croma website.Any limit for 5% on card other than 750 neu coins for app purchase.plz reply.