Jump to content
Not connected, Your IP: 3.83.188.254
NoiselessOwl

Credit Karma will deny logging in via AirVPN

Recommended Posts

Posted ... (edited)

Greetings, I searched the forum about this and surprised no one bring this up. I am not sure if you are familiar with Credit Karma (creditkarma.com), they are a free credit monitoring for USA citizens.
 

I stumbled an issue when I attempted to log in my Credit Karma account and always get an error “Oops, something went wrong while trying to perform your request. Try again later. We appreciate your feedback”. I never had an issue with logging via AirVPN before, the last time I did it was more than 6 months ago. I assumed it was the addons and the browsers (Firefox and Brave) and they are showing the same results. I contacted their member support via email and reported an issue with it. They responded that they discovered that I am logging in by a different device (not sure why they are seeing it as a different device since it the same device I been using). I suspected it was something to do with AirVPN. I deactivated AirVPN and attempt to log in, it went through just fine. I emailed back to their support and asked them about using VPN to log in my account is causing the issue.
 

They respond “After our security updates, you may not be able to access your Credit Karma account your account using a VPN. Because using VPN blocks the users IP address. Credit Karma requires access to the IP address to help prevent fraudulent access”. So, it is not the unrecognized device, it is the IP address that they detected is different. I tried again and logged in without VPN, then enable VPN while I am on my account. I would assume they would record the new IP address then log out. I relogged and it is blocked with the same errors. I went back in my account again without VPN and found that they have 2FA through SMS only. Yes, I know that using 2FA SMS is a bad security but that is the only option they have. I enabled 2FA and confirmed the code that they texted to me. In their security setting, it said “When you log in from any device that we don't recognize, we'll text you a code to verify that it's really you. This helps ensure that you're the only person who can access your Credit Karma account, even if someone else knows your password”.  Perfect, since it would detect something that they are not familiar with and they would prompt for 2FA with VPN active. You are thinking the same thing, right?
 

*Cue Dwight Schrute’s voice* FALSE! It blocked me from logging in my account even with 2FA enabled. I tried with different AirVPN servers; they still block the attempt to log in. Apparently, they block all attempt of logging in when they detect AirVPN server’s IP address regardless the IP address is changed. It sucks that I can’t log in my account with VPN enabled. My bank (one of the largest banking institutions in USA) saw a different IP address (via AirVPN server) and prompted MFA code and then it went through just fine.
 

Credit Karma will block all attempt to log in when I am using AirVPN, even with 2FA enabled.

EDIT: SHOOT! I forgot to add the server that I used. I don't remember what servers I used before. This first occurred last month, I remember it is Canada servers (I believe Pisces, Telescopium and Titawin. I am usually connected to those server when I use Canada option) I tried again today which I prompted the post. Today, it is Chalawan and Bootes.

Edited ... by NoiselessOwl
Forgot to add the server information

Share this post


Link to post
12 minutes ago, NoiselessOwl said:

Yes, I know that using 2FA SMS is a bad security but that is the only option they have.


It's better than no 2FA at all. Besides, the effort put into exploiting the weaknesses of SMS verification are less rewarding for catching 2FA codes than mTANs for example. With 2FA you only get access to some accounts. With an mTAN you can "earn" some money instead. Of course, both require the attacker to already have access to an account, so the attention should be turned towards good passwords or, if supported, even better, some black magic like FIDO2.

Which servers show this exactly?

Four simple things:
There's a guide to AirVPN. Before you ask questions, take 30 minutes of your time to go through it.

Amazon IPs are not dangerous here. It's the fallback DNS.
Running TOR exits is discouraged. They're subject to restrictions on the internet and harm all AirVPN users.

Furthermore, I propose that your paranoia is to be destroyed. If you overdo privacy, you'll be unique among the mass again.

 

XMPP: gigan3rd@xmpp.airvpn.org or join our lounge@conference.xmpp.airvpn.org

Share this post


Link to post
1 minute ago, giganerd said:

Which servers show this exactly?

I ninja'ed edited my original post to add the server information when I realized I forgot to add the servers name before you replied my post.

Here my edited comment from my original post about the servers that I used in those. "SHOOT! I forgot to add the server that I used. I don't remember what servers I used before. This first occurred last month, I remember it is Canada servers (I believe Pisces, Telescopium and Titawin. I am usually connected to those server when I use Canada option) I tried again today which I prompted the post. Today, it is Chalawan and Bootes."

To be clear, Credit Karma are working fine with AirVPN. It is not blocked at all when browsing their site. It just that it will thwart any attempts to log in after giving my credentials while using VPN. It seem the log-in part is the problem.

Share this post


Link to post

It's quite normal that a company like  Credit Karma wants to block VPN IPs.  They're trying to protect identity so it would behoove you to show them your real location so that if somebody were to try to hack your account from another location they'd more quickly realize it's not you.

And really, it makes no sense to hide your IP from them when they know everything else about you necessarily. 

Share this post


Link to post

I perfectly understand what they are doing. to be clear, I don't only use VPN for accessing Credit Karma, I use VPN for other things. If I want to access Credit Karma, then I have to turn it off and look around to see what I want to see then turn it back on. It is just inconvenience and disruptive of my daily workflows.

It just that their security is taken to the extreme because my bank and other sensitive sites I used only care that I passed their MFA and then they know it is me. Majority of them are Authy and few here and there is email and SMS. I work from home and this is part of my daily thing to do.

Share this post


Link to post

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.
Note: Your post will require moderator approval before it will be visible.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

Loading...
  • Security Check
    Play CAPTCHA Audio
    Refresh Image

×
×
  • Create New...