hacked

2 nights ago my gmail account was hacked into somehow even though 2 factor is on
within the space of about 10/15 minutes they had logged into around 10 different accounts and changed passwords and in some cases the email as well
Ubisoft (still locked out of this)
Epic (still locked out of this and Epic haven't replied yet)

Then this morning on another email account I had notifications that someone has accessed my instagram (different email)

then about an hour ago I had a notification that someone had accessed my microsoft account (outlook.com email)

the 3 devices that I access the most are home computer, work computer and phone, work computer has been scanned with defender for viruses and found nothing
home computer currently scanning and so far about half way through and found nothing.


apart from re-securing the accounts affected what can be done, clearly these aren't password leaks as they need 2 factor alongside normal password entry.
 
I'm thinking money is their motivation. Call bank fraud team, cancel credit card and get new one. Start a habit of checking your credit report at clearscore.

I'd also reinstall windows just to be sure. Don't install browser extensions other than ublock.

Check https://haveibeenpwned.com/

Consider if you have a different password for each account, or reused passwords. Whether you stored passwords somewhere. See whether your credentials are free for anyone to find with a Google search.

2 factor has different types. App should be ok, SMS is not secure, email is no good if your email is compromised.
 
Read this Google Support page:

I've been through all of that already, once you log back in to your account google takes you to that page and I ran through every option, there was nothing I needed to change, so it's annoying that they can still manage to log in to your account somehow.
I'll be trying to use app based 2 factor from now on,
All of the accounts they took over were gaming related (apart from instagram which I don't actually use anyway)
ie steam, humble bundle, epic etc.

I'll double check now, but I'm fairly certain none of the hacked accounts have any cards stored.

my facebook account was hacked a few weeks ago and the hacker ran an ad campaign on my account, facebook sorted that out though. and I removed all payment methods from the account.

oh just remembered that my partner had an email from google the day after me, telling her, that her account had suspicious activity, they hadn't tried to log in to any accounts with her email though.
 
How did they manage that?
I remember hearing about a security vulnerability with facebook a few years ago where they could somehow spoof or copy a session cookie or something relating to a logged in session on another computer to gain access to your account, I'm not 100% sure how it works but I assume this is something like that.

I can't login my google account anywhere without my phone.
 
I'd be interested to see which app you use for 2FA, as it's something I've never considered or looked into. But I have heard of scammers intercepting SMS messages, which could be how they've gained access to your accounts.

If it were me, I'd reformat, create a new browser profile, create a new email address and create the longest password possible with a password generator. I agree this is a major pain in the butt, but I can't think what else would make me feel safe.
 
Why a long password?

Surely you just want a secure one with mixed characters - length won’t change anything if one of his devices is compromised?


I get that they’ll be harder to brute force but I don’t think anyone is brute forcing passwords
 
Most, if not all, password generators will use random characters, including characters. All of my passwords are random, lengthy and contain characters.
 
this reminds me i need to sort out my passwords...
I've been slowly going through some of mine and sorting out the ones from sites that now no longer exist. Any passwords I come across that look weak, I just beef them up as much as I can. It is a bit annoying that some sites only allow passwords of a limited length, like 12 characters, though.
 
Unless they had remote access to your active computer to which they can do whatever without you knowing and steal your session cookies etc then this should be impossible if Google's proper 2FA is enabled as you get multiple prompts before, during and after access from a foreign location is done or attempted so you'd know via a notification on your phone logged into a Google account and/or email in your primary mail account set up. So this seems they had access to your computer as you don't mention such notifications had come through until it was all too late when you realised what had happened if I read the OP right.

Could well be something you downloaded and ran on your computer allowed that access to take place.
 
First thing I would check would be
Your home router
Change the router log in details
Change wifi passwords
Look at router logs for things that shouldn't be there
If the logs are empty that would also be suspicious

Not done this stuff in years
But did once have a neighbour from hell
Anything using WiFi there's an inherent risk
 
Yeah, I'm thinking it was most likely malware

So, assuming it was malware that has copied a session cookie.
To resecure the account I would need to logout of all active sessions from my google account, this would then presumably render the copied session cookie useless ?
 
Clearing session cookies won't help much
Until you deal with possible malware
Or a possible wifi network breach
Otherwise new session cookies can be just
As easily stolen both by malware
And by wifi attack

Reinstall OS and change router access log in details
And wifi passwords and check router logs
Would be my approach
Even factory reset mobile devices
Bit extreme maybe but with an unknown cause
I would rather be heavy handed

Edit
Would also check for known vulnerabilities
Of the router
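
The question above (does signing out of all sessions make a copied cookie useless?) and the reply (not while the malware is still on the machine), as an added Python sketch that is not part of the original posts. The `SessionStore` class and its generation counter are a constructed model, not how Google or any other provider actually implements sessions.

```python
import secrets


class SessionStore:
    """Constructed server-side session store (hypothetical, for illustration)."""

    def __init__(self):
        self._sessions = {}    # token -> (user, generation at issue time)
        self._generation = {}  # user -> current generation counter

    def login(self, user):
        """Issue a fresh session cookie after password + 2FA succeeded."""
        token = secrets.token_urlsafe(32)
        self._sessions[token] = (user, self._generation.setdefault(user, 0))
        return token

    def is_valid(self, token):
        """Honour a cookie only if it was issued in the user's current generation."""
        entry = self._sessions.get(token)
        if entry is None:
            return False
        user, gen = entry
        return gen == self._generation[user]

    def sign_out_everywhere(self, user):
        """'Log out of all sessions': bump the generation so old cookies fail."""
        self._generation[user] = self._generation.get(user, 0) + 1


def simulate(machine_cleaned):
    """Return (stolen valid before revoke, stolen valid after, re-stolen valid)."""
    store = SessionStore()
    victim_cookie = store.login("victim")
    stolen = victim_cookie  # a copied cookie is already past the 2FA step
    before = store.is_valid(stolen)
    store.sign_out_everywhere("victim")
    after = store.is_valid(stolen)
    new_cookie = store.login("victim")  # victim signs in again with 2FA
    # If the malware is still on the machine, the new cookie is copied as well.
    restolen = None if machine_cleaned else new_cookie
    restolen_valid = restolen is not None and store.is_valid(restolen)
    return before, after, restolen_valid


if __name__ == "__main__":
    print("infected machine:", simulate(machine_cleaned=False))
    print("cleaned machine: ", simulate(machine_cleaned=True))
```

Revoking sessions kills the copied cookie in both runs; only the run on the cleaned machine stops a fresh cookie from being copied after the next sign-in.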
 
Do an offline scan of your drive first which scans for malware before the OS loads, MS Defender does have an option for this in the manual custom scan bit for offline scanning, it reboots then does the scan in its sandbox thing. If it can find and remove something then great but at this point maybe a fresh install is the best option but be aware that some malware does install on the drive's bootloader/MBR if I recall so a fresh install may not help until the malware is removed.

Not long ago some BIOS/UEFI were also compromised so unless you have done a BIOS update in a while then this could be something to investigate too.
 