Need Advice About A Hacked Website

Cyclone · 28 Dec 2020 at 07:16

I signed up to a website last month, and using my debit card to access extra bits. (It's an NZB site so nothing pervy

)

But I had an email from the hacked site saying they got 'user/pass, email addy and last connected ip address' from the database they copied.

I will ring my bank and get my debit card sorted, but can the hackers gain anything from the IP number I connected with?? I mostly use the same user/pass on the majority of the websites I go on.

The above site is down at the mo for maintenance, so I cant ask on there.

Thanks in advance !!

Cyclone · 28 Dec 2020 at 07:30

Selekt0r said:
You really need to change the password on every other website if you use the same user/pass on each one - especially now that one is confirmed to be compromised. Use a password manager like Keepass or Lastpass to generate a different long/random password for each one.

Thanks for reply

So they can see what website i've been on from my IP?? I looked on my 'saved logins' and there's loads with the same info

I'll look at the password manager you mentioned

Cyclone · 28 Dec 2020 at 08:03

What a nightmare :eek:

Thanks guys

Cyclone · 29 Dec 2020 at 08:50

I've cancelled my debit card and ordered a new one.

In my Login section within Waterfox settings - I've changed all the passwords with the sites I frequent the most. There are a couple I'm not too bothered about as I havent used them in years.

And I've changed my email password.

I did install keePass. Seems easy in a complicated way lol

First time something like this has happened to me. When it was mentioned they got a copy of the IP number I used I automatically thought they could see every site I've been on. Ive gone super paranoid :eek:

Thanks again guys for the help/advice. Much appreciated

Cyclone · 29 Dec 2020 at 10:16

Belly said:
Hi, by this are you saying that the bona fide site, which was hacked, sent you an email or the hackers sent you an email? Must be worrying wondering if the email was spurious too.

From the bona fide site

Feek said:
You should change them as well, especially if there's any chance whatsoever that you're using passwords for them that you use elsewhere. It doesn't matter that you don't use them, they are a potential risk.

Thanks, I'll go through them and change them as well.

Bouton Aide said:
It’s getting to that stage now that people need to use 2fa/mfa with a password manager. Using one password on all sites is asking to be done over at some point.

Have to agree on this, after being kicked in the nuts (so to speak).

Thanks again guys.

Cyclone · 30 Dec 2020 at 07:56

AtaRo said:
Looks like they only found out about the breach when one of their disk failed last week.

I wonder how long their server were compromised with the key logger before they found out if not for the failed drive.

They said the 20th November. It's annoying to change everything but Ive learnt from it.