Jump to content
Not connected, Your IP:

Credit Karma will deny logging in via AirVPN

Recommended Posts

Posted ... (edited)

Greetings, I searched the forum about this and surprised no one bring this up. I am not sure if you are familiar with Credit Karma (creditkarma.com), they are a free credit monitoring for USA citizens.

I stumbled an issue when I attempted to log in my Credit Karma account and always get an error “Oops, something went wrong while trying to perform your request. Try again later. We appreciate your feedback”. I never had an issue with logging via AirVPN before, the last time I did it was more than 6 months ago. I assumed it was the addons and the browsers (Firefox and Brave) and they are showing the same results. I contacted their member support via email and reported an issue with it. They responded that they discovered that I am logging in by a different device (not sure why they are seeing it as a different device since it the same device I been using). I suspected it was something to do with AirVPN. I deactivated AirVPN and attempt to log in, it went through just fine. I emailed back to their support and asked them about using VPN to log in my account is causing the issue.

They respond “After our security updates, you may not be able to access your Credit Karma account your account using a VPN. Because using VPN blocks the users IP address. Credit Karma requires access to the IP address to help prevent fraudulent access”. So, it is not the unrecognized device, it is the IP address that they detected is different. I tried again and logged in without VPN, then enable VPN while I am on my account. I would assume they would record the new IP address then log out. I relogged and it is blocked with the same errors. I went back in my account again without VPN and found that they have 2FA through SMS only. Yes, I know that using 2FA SMS is a bad security but that is the only option they have. I enabled 2FA and confirmed the code that they texted to me. In their security setting, it said “When you log in from any device that we don't recognize, we'll text you a code to verify that it's really you. This helps ensure that you're the only person who can access your Credit Karma account, even if someone else knows your password”.  Perfect, since it would detect something that they are not familiar with and they would prompt for 2FA with VPN active. You are thinking the same thing, right?

*Cue Dwight Schrute’s voice* FALSE! It blocked me from logging in my account even with 2FA enabled. I tried with different AirVPN servers; they still block the attempt to log in. Apparently, they block all attempt of logging in when they detect AirVPN server’s IP address regardless the IP address is changed. It sucks that I can’t log in my account with VPN enabled. My bank (one of the largest banking institutions in USA) saw a different IP address (via AirVPN server) and prompted MFA code and then it went through just fine.

Credit Karma will block all attempt to log in when I am using AirVPN, even with 2FA enabled.

EDIT: SHOOT! I forgot to add the server that I used. I don't remember what servers I used before. This first occurred last month, I remember it is Canada servers (I believe Pisces, Telescopium and Titawin. I am usually connected to those server when I use Canada option) I tried again today which I prompted the post. Today, it is Chalawan and Bootes.

Edited ... by NoiselessOwl
Forgot to add the server information

Share this post

Link to post
12 minutes ago, NoiselessOwl said:

Yes, I know that using 2FA SMS is a bad security but that is the only option they have.

It's better than no 2FA at all. Besides, the effort put into exploiting the weaknesses of SMS verification are less rewarding for catching 2FA codes than mTANs for example. With 2FA you only get access to some accounts. With an mTAN you can "earn" some money instead. Of course, both require the attacker to already have access to an account, so the attention should be turned towards good passwords or, if supported, even better, some black magic like FIDO2.

Which servers show this exactly?

» I am not an AirVPN team member. All opinions are my own and are not to be considered official. Only the AirVPN Staff account should be viewed as such.

» The forums is a place where you can ask questions to the community. You are not entitled to guaranteed answer times. Answer quality may vary, too. If you need professional support, please create tickets.

» If you're new, take some time to read LZ1's New User Guide to AirVPN. On questions, use the search function first. On errors, search for the error message instead.

» If you choose to create a new thread, keep in mind that we don't know your setup. Give info about it. Never forget the OpenVPN logs or, for Eddie, the support file (Logs > lifebelt icon).

» The community kindly asks you to not set up Tor exit relays when connected to AirVPN. Their IP addresses are subject to restrictions and these are relayed to all users of the affected servers.


» Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, chances are you will be unique amond the mass again.

Share this post

Link to post
1 minute ago, giganerd said:

Which servers show this exactly?

I ninja'ed edited my original post to add the server information when I realized I forgot to add the servers name before you replied my post.

Here my edited comment from my original post about the servers that I used in those. "SHOOT! I forgot to add the server that I used. I don't remember what servers I used before. This first occurred last month, I remember it is Canada servers (I believe Pisces, Telescopium and Titawin. I am usually connected to those server when I use Canada option) I tried again today which I prompted the post. Today, it is Chalawan and Bootes."

To be clear, Credit Karma are working fine with AirVPN. It is not blocked at all when browsing their site. It just that it will thwart any attempts to log in after giving my credentials while using VPN. It seem the log-in part is the problem.

Share this post

Link to post

It's quite normal that a company like  Credit Karma wants to block VPN IPs.  They're trying to protect identity so it would behoove you to show them your real location so that if somebody were to try to hack your account from another location they'd more quickly realize it's not you.

And really, it makes no sense to hide your IP from them when they know everything else about you necessarily. 

Share this post

Link to post

I perfectly understand what they are doing. to be clear, I don't only use VPN for accessing Credit Karma, I use VPN for other things. If I want to access Credit Karma, then I have to turn it off and look around to see what I want to see then turn it back on. It is just inconvenience and disruptive of my daily workflows.

It just that their security is taken to the extreme because my bank and other sensitive sites I used only care that I passed their MFA and then they know it is me. Majority of them are Authy and few here and there is email and SMS. I work from home and this is part of my daily thing to do.

Share this post

Link to post

Hello NoiselessOwl. Only to tell you that I had exactly the same problem. I believe the reason behind it is that I opened the Noodle (now Karma) account in a country different than the country I am in now. Basically Karma allows you the entry only from the country you have opened the account.
Yesterday I tried to log-in and I had your same error message. Previously it had worked fine.   
I checked for any DNS leak and WebRTC leak, but apparently everything was all right. Changed the bowser (Chrome, Firefox, Edge and Explorer), but no change.
Today I checked all the servers available and after several trials I finally managed to log in.
I believe that there is a blacklist of servers and that I finally managed to use the one which is not in the list.
I think that protections are becoming more sophisticated and also that in the event of any doubt about the origin of the request, the Karma server does not take risks and refuses the entry.
This is simply my experience and maybe my solution to the problem can help you. I understand very well your frustration of not been able to enter your legitimate account because of a dubious security feature. 

Share this post

Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

  • Security Check
    Play CAPTCHA Audio
    Refresh Image

  • Create New...