Help - I got hacked !

I have my own domain, so I can make whatever addresses I want and have them deliver to wherever I want. Pretty good for knowing who got compromised and blocking compromised addresses.
Another way is the Gmail + thing already mentioned.
Another way is "masked email" (via the password manager), e.g. https://bitwarden.com/blog/add-privacy-and-security-using-email-aliases-with-bitwarden/
200 aliases is a long-winded way to achieve mostly the same result as just one alias. You'll get more telemetry with more aliases if that's something you'll spend time on.
 
That's just a dummy/alias email. You can do the same with a forwarding Gmail account.

Yes, but it's the ease of setup that's key. Making a new Gmail account each time for the purpose of forwarding is much more time consuming. On Simplelogin I can create a new email in a single second.

The Gmail trick whilst okay still isn't great as it'll still need some form of your original email. Wouldn't take a genius to figure out removing some numbers to get to the real email that's more important to you.
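
An added example, not code from any poster in this thread: one way to issue per-site aliases on a domain you control so that a leaked address names the site that lost it and can be blocked, without the alias containing any form of a primary mailbox. The domain `example.org`, the secret key and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

DOMAIN = "example.org"            # assumed: your own domain with catch-all delivery
SECRET = b"constructed-demo-key"  # assumed: a private key used only for alias tags


def _tag(site: str) -> str:
    """Short keyed tag so outsiders cannot mint valid-looking aliases."""
    mac = hmac.new(SECRET, site.lower().encode(), hashlib.sha256)
    return mac.hexdigest()[:8]


def alias_for(site: str) -> str:
    """Address to hand to one site only, e.g. steam.<tag>@example.org."""
    site = site.lower()
    return f"{site}.{_tag(site)}@{DOMAIN}"


def site_from_alias(address: str):
    """Return the site an alias was issued to, or None if we never issued it."""
    local, _, domain = address.lower().rpartition("@")
    if domain != DOMAIN:
        return None
    site, _, tag = local.rpartition(".")
    if not site:
        return None
    # Constant-time comparison of the presented tag with the expected one.
    if not hmac.compare_digest(tag.encode(), _tag(site).encode()):
        return None
    return site


def triage(recipient: str, burned: set) -> str:
    """Decide what to do with mail for `recipient`.

    `burned` holds sites whose alias has turned up in a breach list or
    started receiving spam; mail to those aliases is refused.
    """
    site = site_from_alias(recipient)
    if site is None:
        return "reject: not an alias we issued"
    if site in burned:
        return f"reject: alias for {site} is burned"
    return f"deliver: {site}"


if __name__ == "__main__":
    burned = {"steam"}  # constructed sample: the alias given to "steam" leaked
    for name in ("steam", "psn"):
        print(alias_for(name), "->", triage(alias_for(name), burned))
```
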
 
Lots of good advice here, unique passwords and enabling MFA where possible being two of the most important. I would also consider changing the password for your email account and checking that you have MFA enabled there. If you want a thorough check of your PC I would suggest using the Kaspersky Recovery Disk (https://www.kaspersky.com/downloads/free-rescue-disk); it will create a bootable USB and allow you to fully scan your PC without interference from something like a rootkit which could mask malware.

There are many ways in which someone could have compromised your account, even a simple password reset if they've compromised your email account; once in, it's trivial to delete the change notifications. Or they've simply used a spray attack utilising your email address with a range of pre-generated passwords gained from a previous breach; with something like this it is trivial to make simple tweaks to known passwords, mixing in different characters.
 
Lots of good advice here, unique passwords and enabling MFA where possible being two of the most important. I would also consider changing the password for your email account and checking that you have MFA enabled there. If you want a thorough check of your PC I would suggest using the Kaspersky Recovery Disk (https://www.kaspersky.com/downloads/free-rescue-disk); it will create a bootable USB and allow you to fully scan your PC without interference from something like a rootkit which could mask malware.

There are many ways in which someone could have compromised your account, even a simple password reset if they've compromised your email account; once in, it's trivial to delete the change notifications. Or they've simply used a spray attack utilising your email address with a range of pre-generated passwords gained from a previous breach; with something like this it is trivial to make simple tweaks to known passwords, mixing in different characters.

If you're going to the extent of protecting your accounts, why would you pick something Russian made? Would you also trust installing Chinese security tools?

There are plenty of perfectly viable alternatives out there that don't come shrouded with the doubt that they could have ties or be forced to work with the Russian government.
 
Yes, but it's the ease of setup that's key. Making a new Gmail account each time for the purpose of forwarding is much more time consuming. On Simplelogin I can create a new email in a single second.

The Gmail trick whilst okay still isn't great as it'll still need some form of your original email. Wouldn't take a genius to figure out removing some numbers to get to the real email that's more important to you.
Must give it a whirl.
 
If you're going to the extent of protecting your accounts, why would you pick something Russian made? Would you also trust installing Chinese security tools?

There are plenty of perfectly viable alternatives out there that don't come shrouded with the doubt that they could have ties or be forced to work with the Russian government.
Because some of us are smart enough to look past the cover. Kaspersky is a well-respected large multinational corporation with one of the best malware detection engines on the market, whose servers are based in Europe and whose source code is open to review. That they are headquartered in Russia is unfortunate in the current climate.
 
Because some of us are smart enough to look past the cover. Kaspersky is a well-respected large multinational corporation with one of the best malware detection engines on the market, whose servers are based in Europe and whose source code is open to review. That they are headquartered in Russia is unfortunate in the current climate.
I used Kaspersky for a few years and it worked well.
 
I got hacked because I clicked a link to "vote" for a game from someone in my friends list who was already hacked. Got my Steam account back and paid £0.20 for a game which I have not touched. Only had £3 on the account and no payment methods other than Steam wallet.
 
Clicking links to random votes, what I have learned is that people can't be trusted with tech stuff, so unless I vet any links anyone sends, then it gets ignored :p
 
Yes - I have been quiet because I have been steadily working through all the sites where I have sign-ons using those email addresses. I did check the links and both emails were on various lists - so lesson learned the hard way I guess.

Now waiting for 3 new credit cards to arrive and steadily working through all the misc sites where I used those emails but which don't hold personal info/c cards etc.

In some good news both Steam and Playstation recovered my accounts and refunded the stolen funds in full! Was pleasantly surprised by this and the speed in which their support teams both responded - so a big thanks to them.

The same cannot be said of Virgin Media, who have the most convoluted and hard to understand user/email system going and offshore "support" that seemed as clueless as me!

Hopefully that is the end of it now but admit I am still sat here waiting for something else to happen....

Thanks all for the replies etc.
 
Worth considering using a manager that actively notifies you if a password breach happens. I use Firefox on everything and its built-in Mozilla system generates random passwords on new registration forms for sites etc and can use Firefox Relay to give dummy emails that route back to your main one so a bot doesn't actually see your real email address.

Also the password manager is very robust and tells you which saved logins share the same password and if that password is part of a breach etc.


Yeah I still have a bunch listed as breached but these are ancient accounts I don't care about. All my active ones are on random passes and secured with 2FA so even if a botnet knew the password, there's no entry due to 2FA security.
 
Yes, but it's the ease of setup that's key. Making a new Gmail account each time for the purpose of forwarding is much more time consuming. On Simplelogin I can create a new email in a single second.

The Gmail trick whilst okay still isn't great as it'll still need some form of your original email. Wouldn't take a genius to figure out removing some numbers to get to the real email that's more important to you.

A lot of sites are starting to add text validation to the email field on sign-up forms. If you try to use the + trick, then it says it is not a valid email address.
 
I was hacked too before; they stole 200 pounds of games and about 100 of Steam credit, and Steam would not give me my account back, so I got rid of Steam, never using them again.
 
I was hacked too before; they stole 200 pounds of games and about 100 of Steam credit, and Steam would not give me my account back, so I got rid of Steam, never using them again.

Weird - I had no trouble at all with them. Whoever refunded me reversed around 15 transactions for World of Tanks and Steam Prime - all showing different user IDs.

The same on Playstation but this time for FC24 and other assorted rubbish.

Just to add - in changing my Microsoft/Windows login today I noticed there were 6 or 7 attempts to sign in from various countries around the world this week - all failed - presumably due to the fact I had a passkey on the account.
 
Don't also rely 100% on 2FA/MFA either, as that can be bypassed. My son's Discord account was hacked and he had 2FA enabled. My Amazon account was hacked and 2FA bypassed. Luckily I got an email when a gift card was bought so I could stop it going any further, and Amazon gave me a refund. They wouldn't tell me, though, how my 2FA was bypassed. I now use a debit pay card so it's got a balance of £0.00; when I need to purchase something off Amazon I just load it with the amount and pay.
 
I thought I got hacked in early November. Basically a well-timed phishing email that I skim read and deleted before fully reading it, and that coincided with my Win 10 behaving badly after a couple of failed Windows updates, sending me into a bit of a panic. Spent about 8hrs changing all my passwords, full new Windows install etc. Anyway, got that email again a week later into Junk and once I read it properly I realised it was rubbish.

Only problem now is that I hardly remember any passwords and pretty much fully rely on password manager and 2FA, before that I at least remembered some of the passwords :D
 