Just had a load of password reset emails

Pawnless Endgame said:
Is anyone else having this at the moment? Someone's just tried to log into my Gmail, Facebook, Curry's accounts and also on a gambling site. Gmail already has 2FA. FB didn't but I have now enabled it and changed the passwords on all 4 accounts. ASDA as well now.

A friend of mine just had 3 password reset emails for Just-Eat. And now their BT account.

Can anyone else here confirm if they're being attacked too. To see if this is isolated or widespread, and what I can do to buff up security?
Click to expand...
Google, have I been hacked and use the avg one, enter in your email address and it will give you a report of which sites you are signed up to and which of those have been breached and had the data sold etc

I found it quiet alarming to see my logins being sold in a few places and on the dark Web
 
They got in to my Mojang account yesterday, russkis according to the IP. They also cracked an old email address associated with that account, luckily Google blocked it.

There's definitely something going on, whoever got in to my Mojang account also reset all my secret questions and changed the username.

I'd be more ****** off if they hadn't added a copy of Minecraft to the account for me :p
 
I had a password reset email from another forum a week or so ago, changed it to a stronger one as a precaution no more attempts at it or anywhere else think I'll change this place though just incase especially as its linked to the ordering side of the site
 
Illuminist said:
Google, have I been hacked and use the avg one, enter in your email address and it will give you a report of which sites you are signed up to and which of those have been breached and had the data sold etc
Click to expand...

I Googled "have I been hacked" and it gave me a link to Avast, so I think you meant that instead of AVG? I tried it and it came out clean.

Diddums said:
They got in to my Mojang account yesterday, russkis according to the IP. They also cracked an old email address associated with that account, luckily Google blocked it.
Click to expand...

Thanks for that. I have an old AOL address linked to my Gmail, so I better change the password on that too.
 
Further to my previous post, I have been advised by AOL to disable any personal / security questions associated with the account e.g. what is my mother's maiden name. As security questions apparently make accounts more leaky.
 
Pawnless Endgame said:
I Googled "have I been hacked" and it gave me a link to Avast, so I think you meant that instead of AVG? I tried it and it came out clean.



Thanks for that. I have an old AOL address linked to my Gmail, so I better change the password on that too.
Click to expand...
Sorry yes, I knew it was an anti virus company, my bad
 
By the looks of it this site has been hacked and i'm guessing OC store their passwords as plain text!!!

My password for this forum had been changed, so i've just reset my password and i'm hoping it wont get hacked again!
 
tuckenator said:
By the looks of it this site has been hacked and i'm guessing OC store their passwords as plain text!!!

My password for this forum had been changed, so i've just reset my password and i'm hoping it wont get hacked again!
Click to expand...

Do you know this because you use unique passwords for every website?

If so, someone in the moderator team needs to be informed..
 
tuckenator said:
By the looks of it this site has been hacked and i'm guessing OC store their passwords as plain text!!!

My password for this forum had been changed, so i've just reset my password and i'm hoping it wont get hacked again!
Click to expand...

I've not had any suspicious activity on my OC accounts, quite a statement to make that a) you think the OC site is hacked, and b) that they must therefore store passwords as plain text!

If OCUK was hacked and did that, then we would presumably be seeing a lot of people with problems right now.
 
Indeed.

Firefox has built in features with have i been pwned etc and will notify you within the browser if you're compromised on any of your accounts. It also have a whole bunch of other stuff for security so worth using/enabling.

Enable 2FA for the forum as well... You don't need any other AV other than the Windows 10 built in one which does the job just fine. You certainly don't need to pay for extra cyber security. Common sense is the best approach as with all things.
 
Alex_6n2 said:
Do you know this because you use unique passwords for every website?

If so, someone in the moderator team needs to be informed..
Click to expand...

As a rule I do use different passwords randomly generated (LastPass) as much as possible, although even that doesn't make you totally immune to being hacked into, but is far better than what most people do.

My old @hotmail.com address has been in numerous breaches, but has had very little real impact as I follow better password practices these days, and my financial stuff like paypal/banking is all done with 2FA.
 
Perhaps because it's is an old account, as it's an old password i don't use anymore anywhere but here. I cross referenced the password with my saved passwords and this site came up. When i tried to login with my password it told me it was not valid, as it had been changed by someone.

I then searched my emails from this website and found my registration for the forums (it was probably 2007 or so) and it emailed me my password back in plain text.

Perhaps i'm a one off case, but this thread peaked my interest.
 
Last edited:
mrk said:
Indeed.

Firefox has built in features with have i been pwned etc and will notify you within the browser if you're compromised on any of your accounts. It also have a whole bunch of other stuff for security so worth using/enabling.

Enable 2FA for the forum as well... You don't need any other AV other than the Windows 10 built in one which does the job just fine. You certainly don't need to pay for extra cyber security. Common sense is the best approach as with all things.
Click to expand...

2FA enabled, didn't realise it was an option on here. Cheers.
 
I just checked haveibeenpwned and the only one for me is Zynga poker which I do play from time to time.

Zynga: In September 2019, game developer Zynga (the creator of Words with Friends) suffered a data breach. The incident exposed 173M unique email addresses alongside usernames and passwords stored as salted SHA-1 hashes. The data was provided to HIBP by dehashed.com.

Compromised data: Email addresses, Passwords, Phone numbers, Usernames
 
Update: it's now almost 2 weeks in and me and my friend are still being attacked. We get attacked at the same time, so if my Steam account gets attacked at 11:18, then it happens to my friend at 11:18 as well. We think it's a botnet that is attacking hundreds of different accounts at the same time. Is there any way to stop this? We're both being hounded by password reset / verification emails and text messages. We have changed all of our passwords and set up 2FA for as many accounts as we can.

Also related to this, a DPD delivery for today got changed twice. Firstly to Wednesday and then to tomorrow. I called DPD and the operator said that it was me who changed it. I didn't! Anyway, it seems that if you have the tracking URL (www.dpd.co.uk with tracking number at the end), anyone can change the date. It doesn't ask for any security info. It's open to everyone! So I think the botnet got hold of that too.
 
You must log in or register to reply here.
Back
Top Bottom