Question about attempted hacks

Cavallino

Cavallino

Cavallino

Soldato
Joined
8 Dec 2004
Posts
15,054
Location
Hampshire
Wasnt sure where to put this folks, hope this is ok over here.

So recently Ive been on the receiving end of a massive hack attack including my main email address.
I have managed to recover it and check if anything malicious has been done so far I cant see anything.
What is scary is how they managed to hack my VM email address and also get my security question right and change it when they hacked it.

As I said Ive managed to get it back once more... but it begs the question and would welcome thoughts?
(First thing that comes to mind is trojans, phishing software etc, but malware malbytes says Im clean.

Banks/other accounts etc have been checked, all ok so far.

However one thing that I seem to be on the receiving end of, is Battle.net attacks.

I have setup 2FA already and ticked every security option available (SMS etc).

Despite this, I have just received notification of: Verification code sent to my email address as a request from a "forgot my password".
And following that a confirmation that my password has been changed on my account....

I do have 2FA on this account now so no further progress would have been made, but how the hell are the able to get through the verification code?

I have checked my email address for any forwarding addresses, again all clean.

Sorry if this is textbook hacking 101 to some of you (this is the first time Ive experienced this and Im not the most IT minded individual, appreciate any insights).

Thank you folks.
 
Create a new email address on outlook.com (with 2FA) and change everything to point at that, see if the attempts stop.
 
Thanks folks, Ive created a new email address and point battle.net to that.
2FA is still on.
Ive changed answer to security question.

Think basses should be covered?

But how the hell in the first place did they managed to change the password? This is what is doing my nut in at the moment.
 
Thank. Im dubious about entering details on this site .but I guess everyone had done this so should be no harm?

So if I find my email on this site .Will it also list what sites they have been attempted to be hacked?
 
Cavallino said:
Thank. Im dubious about entering details on this site .but I guess everyone had done this so should be no harm?

So if I find my email on this site .Will it also list what sites they have been attempted to be hacked?
Click to expand...
All that site will tell you is if that specific email address is in a list of data that has been taken from sites that have been compromised and has user information stolen over the years and it'll tell you which of the many lists it is in and the compromised sites that the data came from.
 
You should always be dubious about entering your info :) have a read of their privacy stuff first etc.......i know it can all be faked as such but i'm sure it will give you more confidence.

demonix is right, it tells you just that. Good to know though which sites you use(d) that have been hacked, opens your eyes a little, well it did for me even though i was aware of a few of the hacks.

EDIT: It also doesn't return data regarding sensitive breaches in the public searches.
 
Cheers folks.
This is what I love about this forum. Been here since 2004, and still something to learn from the wealth of information from its members. Thank you all.

So it turns out I have been "pwned" as per the above checker.

So I guess theres nothing for it but to go through all accounts, changing passwords, secret questions and the like?

Incidentally is it worth investing in the likes of 1password or equivalent? Does 1password also help with secret questions?

What is to say that 1password will fall to hack attacks and the master password compromised which could be even more catastrophic?
 
I use a password manager but only for non-critical websites - for anything that I really care about i use my own passwords and obviously nothing duplicated. Not sure about them helping with kba secrets though.

There's always a chance anyone or company can get hacked but i'd like to think the password managers out there have better processes when storing all these passwords but I have also recently started to manually add chars to my password once generated from the pw manager - use some kind of algorithm to add these chars that is easy to remember but should be difficult to guess.
 
Most sites that are deemed important have 2FA anyway so even if the PW manager is breached you shouldn’t have too many issues. You should enable 2FA on any site that has it as an option. Including things like VISA/MasterCard secure code.

The main advantage of using lastpass or 1password is that all of the sites you visit can have a unique password. Most people run into problems because they put in one password for everything. So when some small time retailer or site gets breached they also reveal their email or Paypal information.
 
Thanks folks.

Do PW managers have 2FA authentication as well? So even if you are compromised, someone logging in from a non-trusted device can be denied?
 
Yes, LastPass at least does and would be very surprised if the others didn't.

.....and if you want to go even further and help stop issues at the source you can check https://plaintextoffenders.com for any websites you use that have been reported for mishandling passwords........then personally check to see how they handle your password yourself by resetting it etc.
 
I just use lastpass and long ass passwords with every char type I can.

Annoyingly there are some sites that have restrictions like no symbols or no longer than 12 chars.
 
You must log in or register to reply here.
Back
Top Bottom