Just had a load of password reset emails

Pawnless Endgame

Pawnless Endgame

Pawnless Endgame

Soldato
Joined
10 May 2004
Posts
12,981
Location
Sunny Stafford
Is anyone else having this at the moment? Someone's just tried to log into my Gmail, Facebook, Curry's accounts and also on a gambling site. Gmail already has 2FA. FB didn't but I have now enabled it and changed the passwords on all 4 accounts. ASDA as well now.

A friend of mine just had 3 password reset emails for Just-Eat. And now their BT account.

Can anyone else here confirm if they're being attacked too. To see if this is isolated or widespread, and what I can do to buff up security?
 
Yeah, I'm in the process of changing my affected account passwords too. They tried my Tesco and Argos accounts too since I last wrote.

Checked with my family WhatsApp group and my mum said they tried her FB account too.
 
Dangerous Dave said:
Are you sure the emails are genuine ? Could be phishing emails attempting to get you to take links to fake sites off the email.
Click to expand...

I think they're genuine. They're now attacking some fairly obscure accounts I have such as Brewdog and Untapp'd. I'm beginning to think it's getting personal. Someone who knows me.

Alex_6n2 said:
Check your email address here: https://haveibeenpwned.com/
Click to expand...

I do check that site from time to time and my email address has never been pwned. Not even now, unless there is some lag and the database hasn't updated yet.
 
Thanks guys.

@Alex_6n2 - that root kit scan came out clean. The only change I've made this week IT-wise was installing a 2nd SSD into my laptop (my main PC) and it was brand new, unopened with the seal intact.

@mrbell1984 - good shout on using 1FA only. I did change mobile providers from Three to BT a couple of weeks ago and kept the same phone number that I've had for 20 years. I don't think the attacker knows my number though as they only get as far as attempting to log in and then asking for a password reset. As soon as I see those emails, I go onto the web site and change the password for each attempt.
 
Illuminist said:
Google, have I been hacked and use the avg one, enter in your email address and it will give you a report of which sites you are signed up to and which of those have been breached and had the data sold etc
Click to expand...

I Googled "have I been hacked" and it gave me a link to Avast, so I think you meant that instead of AVG? I tried it and it came out clean.

Diddums said:
They got in to my Mojang account yesterday, russkis according to the IP. They also cracked an old email address associated with that account, luckily Google blocked it.
Click to expand...

Thanks for that. I have an old AOL address linked to my Gmail, so I better change the password on that too.
 
Further to my previous post, I have been advised by AOL to disable any personal / security questions associated with the account e.g. what is my mother's maiden name. As security questions apparently make accounts more leaky.
 
Update: it's now almost 2 weeks in and me and my friend are still being attacked. We get attacked at the same time, so if my Steam account gets attacked at 11:18, then it happens to my friend at 11:18 as well. We think it's a botnet that is attacking hundreds of different accounts at the same time. Is there any way to stop this? We're both being hounded by password reset / verification emails and text messages. We have changed all of our passwords and set up 2FA for as many accounts as we can.

Also related to this, a DPD delivery for today got changed twice. Firstly to Wednesday and then to tomorrow. I called DPD and the operator said that it was me who changed it. I didn't! Anyway, it seems that if you have the tracking URL (www.dpd.co.uk with tracking number at the end), anyone can change the date. It doesn't ask for any security info. It's open to everyone! So I think the botnet got hold of that too.
 
You must log in or register to reply here.
Back
Top Bottom