Ive been hacked... help!

mistersprinkles

mistersprinkles

mistersprinkles

Associate
Joined
21 Apr 2016
Posts
1,967
Location
Oh Canada!
I've been hacked and I don't know what to do. Somebody has gained access to several of my accounts but thanks to two factor authentication they haven't been able to steal anything.

What should I do? I'm running some security scans to look for keyloggers.
 
sympathies -

Are router attack not exclusively dns redirection to a fake server, but I guess you have checked that - see here for example
You have only used one PC for accessing accounts too - no android/phone access ?
 
What exactly have they accessed?
Was it attempted access, or definitive access?
What did they do, soecifically and on what sites?

Do you access any of these sites from another location or device?
Are you logged in anywhere else?
 
so sounds like these were just failed login attempts to these accounts, so nothing stolen from home PC,
maybe email/provider was compromised.

and as Misschief originally said
MissChief said:
So two factor authentication should mean they can't get access at all? That's the point of it? Change your passwords after your scan.
Click to expand...
there is no partial, view only, account access
 
What on earth makes you think you have a 'router virus'? Even if you did have such a thing SSL encryption on all of those compromised websites should protect your passwords from being captured via your router.

Most likely explanation is that someone found your account listed somewhere, maybe with a password - hence why you should check https://haveibeenpwned.com/ to see if your email address was caught recently - it almost certainly will have been, Troy has a few billion records by now. Change the passwords to all of your affected accounts, and any others where you have used the same passwords, implement multi-factor wherever possible. Aside from that there's not a lot you can do.

I was hit by something similar recently - someone tried to log in to my Amazon account 5 times and failed. Either they didn't know my password or multi-factor was doing its job, so they didn't get in. I changed my password just to be safe and got on with my life.
 
Grab your self a password manager and create a different password for each of your accounts.

I wont be surprised if in the future MS add a password manager as a native app in Windows.

It's essential for proper password security, even if I don't use one for personal use. :o
 
Judging by the OPs other threads recently, he's probably got a lot more going on in his mind than having to worry about is his PC/laptop/whatever infested with a logger.
 
Nothing to worry about OP. Well, maybe a bit, but not anywhere near the amount you seem to be.

As said, the attackers will have gained your credentials/part of your credentials from another organisation that got hacked. When your passwords are stored, they are stored as hashes, which are a mathematical representation (called a hash) of your password put through a one-way mangling process called hashing. This produces a hash that is stored, and is compared to the hash of the password provided whenever you log in. If they're the same, you get to log in. What happens is that the database that these hashes are stored in becomes compromised by some nasty hacker types, who then use a very hardware intensive process to run through all the potential passwords, essentially guessing it eventually. This can take a long time if your password is long/complex, so sometimes it is be months before an attacker can process the entire database and then sell or publish the plain-text credentials.

Too long; didn't read:- hackers got your password off a hacked site, change your passwords and you'll be alright.
 
El Pew said:
Even if you did have such a thing SSL encryption on all of those compromised websites should protect your passwords from being captured via your router.
Click to expand...
pursuing the question of theoretical ways bank accounts could be breached -
with dual factor authentification, a key logger would be of no use to hack a bank account - since dual factor is authorizing just that one session ?
a viable hack ? with bank insider (so unlikely), generate an authorized certificate for the site and, via dns diversion, intercept and taken control of the session ? (they are improving certificate integrity)
 
Short answer as Im off to lunch, banks seem to be offering devices that generate a pin (keychain or calculator looking). As this changes over a short time frame its pretty unlikely you will get 'hacked'. The possibility of a 'bank insider' is even less likely to help them out especially as regular people dont have much in there to steal.

It is an area however banks are going to have to beef up in as fraud is on the rise and shifting into online rather than physical cash.
 
You must log in or register to reply here.
Back
Top Bottom