hacked

2 nights ago my Gmail account was hacked into somehow even though 2 factor is on
within the space of about 10/15 minutes they had logged into around 10 different accounts and changed passwords and in some cases the email as well
Ubisoft (still locked out of this)
Epic (still locked out of this and Epic haven't replied yet)

Then this morning on another email account I had notifications that someone has accessed my Instagram (different email)

then about an hour ago I had a notification that someone had accessed my Microsoft account (outlook.com email)

the 3 devices that I access the most are home computer, work computer and phone, work computer has been scanned with defender for viruses and found nothing
home computer currently scanning and so far about half way through and found nothing.


apart from re-securing the accounts affected what can be done, clearly these aren't password leaks as they need 2 factor alongside normal password entry.
 
Read this Google Support page:

I've been through all of that already, once you log back in to your account Google takes you to that page and I ran through every option, there was nothing I needed to change, so it's annoying that they can still manage to log in to your account somehow.
I'm thinking money is their motivation. Call bank fraud team, cancel credit card and get new one. Start a habit of checking your credit report at clearscore.

I'd also reinstall windows just to be sure. Don't install browser extensions other than ublock.

Check https://haveibeenpwned.com/

Consider if you have a different password for each account, or reused passwords. Whether you stored passwords somewhere. See whether your credentials are free for anyone to find with a Google search.

2 factor has different types. App should be ok, SMS is not secure, email is no good if your email is compromised.
I'll be trying to use app based 2 factor from now on,
All of the accounts they took over were gaming related (apart from instagram which I don't actually use anyway)
ie steam, humble bundle, epic etc.

I'll double check now, but I'm fairly certain none of the hacked accounts have any cards stored.

my facebook account was hacked a few weeks ago and the hacker ran an ad campaign on my account, facebook sorted that out though. and I removed all payment methods from the account.

oh just remembered that my partner had an email from Google the day after me, telling her that her account had suspicious activity, they hadn't tried to log in to any accounts with her email though.
 
How did they manage that?
I remember hearing about a security vulnerability with facebook a few years ago where they could somehow spoof or copy a session cookie or something relating to a logged in session on another computer to gain access to your account, I'm not 100% sure how it works but I assume this is something like that.

I can't login my google account anywhere without my phone.
 
Unless they had remote access to your active computer to which they can do whatever without you knowing and steal your session cookies etc then this should be impossible if Google's proper 2FA is enabled as you get multiple prompts before, during and after access from a foreign location is done or attempted so you'd know via a notification on your phone logged into a Google account and/or email in your primary mail account set up. So this seems they had access to your computer as you don't mention such notifications had come through until it was all too late when you realised what had happened if I read the OP right.

Could well be something you downloaded and ran on your computer allowed that access to take place.
Yeah, I'm thinking it was most likely malware

so assuming it was malware that has copied a session cookie.
To resecure the account I would need to logout of all active sessions from my google account, this would then presumably render the copied session cookie useless ?
 
Do an offline scan of your drive first which scans for malware before the OS loads, MS Defender does have an option for this in the manual custom scan bit for offline scanning, it reboots then does the scan in its sandbox thing. If it can find and remove something then great but at this point maybe a fresh install is the best option but be aware that some malware does install on the drive's bootloader/MBR if I recall so a fresh install may not help until the malware is removed.

Not long ago some BIOS/UEFI were also compromised so unless you have done a BIOS update in a while then this could be something to investigate too.
Assuming I've done a clean install.
I just want to ensure the account is secure.

If I log out of all active sessions does that render any copied session cookies useless?
 
How do we know this is the real OP posting this?
You never will ;)
I have not read all the replies but change the password as well if you have not already.

Doing this should boot any sessions out as the stored details would be incorrect to log back in again
This was the first thing I did.

Started to go through other accounts now, as I use google password manager they now have access to every account password that I have pretty much.
Really looking forward to changing all of those

just had another thought, how would I know if they have accessed my Google Drive?
I've logged in to it and there are no obvious signs, the last modified file was 4th June (a file which I changed)
 
Having thought about this I don't think the hacker has even accessed my password list because if they had they wouldn't have needed to reset any passwords to get into my accounts.
I have changed the most important passwords anyway, but after several years on the internet the password list is very long I guess about 200 passwords looking at the list.

the only accounts I can't get back are Epic and Ubisoft

however since Epic said no to my requests I have managed to log in to my epic account with my xbox account so I have raised an account recovery but with extra information this time, hopefully that works. They don't respond quickly.

Ubisoft do respond very quickly but are completely useless, I have explained the situation to them, but they just come back with cookie cutter responses every time, along the lines of I haven't provided enough information.
the hacker has obviously changed the email on the account and they have sent a confirmation code to the email on the account, I explained that won't work and they haven't offered any other solution.
not too bothered about the Ubi account as the few games I have on there I don't play apart from anno 1404 occasionally and I just bought that on steam for less than £4


every other account apart from these 2 you can click a link on an email to undo email address changes and get your email reinstated to the account to get you back in.
 