Soldato
Over the years, I've been careless, complacent, foolish, overconfident, [insert other appropriate adjectives here] etc and have regularly reused passwords. I have my own domains and email is set up as catch all, so whilst each service/site has a unique email address (ie [email protected], [email protected], [email protected]), the passwords have tended to be the same.
A few months ago people started trying to access my accounts. Credentials had only ever been synced with Google, BitWarden and LastPass. Recent accounts have been accessed, so since BitWarden and LastPass haven't been used in years, and Google has 2FA set up, I can only assume that my desktop, laptop or phone have been compromised. I've scanned all three with multiple utilities and nothing significant has been identified. Whilst I have no idea how this happened, there haven't been any attempts to access accounts which have had passwords changed and/or 2FA set up, so I'm thinking that the breach isn't ongoing.
Getting banned from a few sites for posting spam and someone attempting to book a hotel this morning using my Avios points is the worst that has happened to date. Everything else has just been an inconvenience - I get an email regarding suspicious activities and then proceed to change credentials for that site.
Accounts that I believe/recall as significant have already been updated, but given that hundreds if not thousands have been compromised, it would be near impossible to update every single one and the chances of overlooking key ones is quite high (Avios account would be a prime example of this). Credit and Debit cards have also been changed. Not all services/sites alert on suspicious activity so who knows what is happening on/with some of my accounts.
What's the best way to manage the ongoing assault? Any advice/suggestions would be greatly appreciated
A few months ago people started trying to access my accounts. Credentials had only ever been synced with Google, BitWarden and LastPass. Recent accounts have been accessed, so since BitWarden and LastPass haven't been used in years, and Google has 2FA set up, I can only assume that my desktop, laptop or phone have been compromised. I've scanned all three with multiple utilities and nothing significant has been identified. Whilst I have no idea how this happened, there haven't been any attempts to access accounts which have had passwords changed and/or 2FA set up, so I'm thinking that the breach isn't ongoing.
Getting banned from a few sites for posting spam and someone attempting to book a hotel this morning using my Avios points is the worst that has happened to date. Everything else has just been an inconvenience - I get an email regarding suspicious activities and then proceed to change credentials for that site.
Accounts that I believe/recall as significant have already been updated, but given that hundreds if not thousands have been compromised, it would be near impossible to update every single one and the chances of overlooking key ones is quite high (Avios account would be a prime example of this). Credit and Debit cards have also been changed. Not all services/sites alert on suspicious activity so who knows what is happening on/with some of my accounts.
What's the best way to manage the ongoing assault? Any advice/suggestions would be greatly appreciated
![[FnG]magnolia](/styles/overclockers/avatars/9.png){kind=avatar}
