Okay. Great questions notech! Yes there does seem to be contradictions. I am waiting on confirmation from the person that saw my info...to make sure i understand his side....but...this is the info I received and how I understand it.
The other customer (call him concerned) emailed me on Jan 15 saying that he can see my account when they log on using their log on credentials. Concerned said he had contacted Hughes several times to get this fixed and they had not fixed the issue, so he notified Hughes (jan 15) that he was filing a complaint with the FBI if he did not get a call back from them by Saturday the 19th. In that same email he said he would send me pictures of what he could see. In that same email he said this had been going on since November. Hughes did not call him by that day. I emailed Concerned back asking to see the pictures because we did not really believe this was true. Concerned sent me pictures that CLEARLY showed our account information. I let my husband take care of contacting Hughes to find out what was going on and honestly I am not exact about the date he did that. But most importantly.....hughes NEVER called us to let us know what was happening. Okay the above info is how I got my dates of what length of time things happened. Once I got involved with contacting Hughes....I was told by two different tier 4 tech guys that this problem was happening to several other customers too. In regards to the amount of info Concerned could see....well log onto your customer care account on Hughes......that is what they could see of MY info. They had complete control over all aspects of my account. They could have done some serious damage to my email and account.
When Hughes said the problem was fixed and I should re register....I tried to and could not because the Hughes system was not recognizing my SAN and phone number together. I called them back and told them....they called 5 hours later and said to try again....later that night I tried again...same error....the next day they said try again....same error....then I got a call from a group of people and they asked me to try again while I was one the phone. THAT time they mentioned....make sure you put the beginning letters of your SAN in all caps. Well..........I had not been doing that. I now got re registered. But after I got registered they said.....well is everything fixed now? Can you surf the Internet. I reminded them I could surf before they 'fixed' everything. I told them that i don't know if it is fixed because i don't know if Concerned can still see my info. They told me that they 'decoupled' our account from Concerned's account. So everything is now fixed. But then in the next sentence they asked me for Concerned's name. How did they decouple my account when they did not know who's account it was coupled with in the first place? They proceeded to tell me that this was an isolated issue with only my account, which I do not think is true, but anyway. Now the people on that call were VERY nice and helpful and respectful. I believe engineers and executives. I told them that my husband was going to ask me "what did you get for our troubles" (that is just how he is), so they gave me a credit of three months service.
Hey Upset, I was finally able to test the Gen4 customer care system. I looked at the information displayed and saw that the credit card info displayed the last 4 digits of the card. Can you confirm that was the same in the screenshots you received from "Concerned"? Like "wkell' said there is still a lot of personal info that is displayed that a scam artist could use but it does reduce the severity of the exposure.
Tried to test registration using lower case SAN but could not replicate the problem. When you were registering did you check the box next to "have customer ID' and provide it or did you just enter your phone number and SAN? Did you use a Hughes email to register or another service such as Yahoo?
These test were using accounts that were already registered successfully so will not replicate a first time registration.
Also tried providing valid/invalid SAN with different valid/invalid phone numbers but got errors each time that stopped registration. Maybe Hughes has fixed the issue with lower case SAN.
Did you get any response from "Concered'?
Wish Hughes would provide more info so I don't have to spend time debugging this and we can rest easy. Still no replies on the community board over there.
I got confirmation from 'Concerned' that they can NO long see our info. Thank goodness! Also, you are correct, only the last four digits on CC info was displayed. No I did not check the box, have customer ID during my re registration, and I used my hughes.net email account. Maybe they did get the upper case only for SAN number fixed. I don't know.....but it was crazy that no one pointed that out to me the FIRST time I got the error. Should they all be well versed in knowing that is a common issue. Thank you and have a blessed day!