Portal Admin Account Hijacked

RichardC1
Comes here often

Portal Admin Account Hijacked

We have a client that has dismissed their IT guy for disciplinary reasons, but before he left he deleted all but 1 admin account and then created a new one that has a generic email address.

 

This has effectively locked them out of the Portal as we cannot do a password reset due to the fact the email address is not one of the clients, so far we have tried several ways to reset but cant.

 

When we approached Meraki support all they could tell us is to do a password reset, but as stated we dont have access to the only administrator email configured.

 

What can we do to fix this without having to completely renew the licence and configure under another portal account?

9 Replies 9
PhilipDAth
Kind of a big deal
Kind of a big deal

You'll need to gather legal proof that you own the equipment (such as original invoices) and a copy of the police complaint with the allegation of what has happened and then then open a case with support to take over/back your organisation.

BlakeRichardson
Kind of a big deal
Kind of a big deal

As @PhilipDAth mentioned the process you need to follow is a legal process. There is no quick solution for this sorry. 

 

Meraki support have tough policies on this, they cannot just simply give you access because you say you are the owner you need to legally prove it as mentioned. 

 

Good luck and hope your can help the customer resolve this quickly. 

If you found this post helpful, please give it Kudos. If my answer solves your problem, please click Accept as Solution so others can benefit from it.
RichardC1
Comes here often

Thanks Guy's,

 

Makes sense will see what we can do to get the right documents to get this sorted, I hope they have reported it to Police.

Adam
Kind of a big deal

Was the new account he created a generic email address (gmail, yahoo etc) or one in your environment/domain?

Adam R MS | CISSP, CISM, VCP, MCITP, CCNP, ITILv3, CMNO
If this was helpful click the Kudo button below
If my reply solved your issue, please mark it as a solution.
RichardC1
Comes here often

It was a generic gmail account, funny thing I have found out this is the second company it has happened to In PNG the previous one replaced their MX with a Fortinet device but I think they could have the same issue if the admin decides to hijack it as well

CotyMick
Getting noticed

Can you remove your devices from the network (physically)? I'm not sure I'd feel comfortable having them on my network while someone else has control.

RichardC1
Comes here often

e have removed it but it being a MX device we have weakened there edge security so they are getting very nervous

BrandonS
Kind of a big deal


@RichardC1 wrote:

 

 

What can we do to fix this without having to completely renew the licence and configure under another portal account?


In case you have trouble getting the necessary documents I don't think this option will work because even if you created a new organization and purchased licenses you would not be able claim the devices that are attached to the current account.

- Ex community all-star (⌐⊙_⊙)
PhilipDAth
Kind of a big deal
Kind of a big deal

I concur with @BrandonS.  You can not add devices into a new organisation unless they have been released from the existing organisation.

 

This is my personal thoughts.  Lay a criminal complaint with the police.  Being a criminal complaint this is likely to result in the person being arrested and interviewed.

You'll be surprised what people will "cough up" under such circumstances.  I bet you'll have your access back faster than using any other method.

 

Get notified when there are additional replies to this discussion.
Welcome to the Meraki Community!
To start contributing, simply sign in with your Cisco account. If you don't yet have a Cisco account, you can sign up.
Labels