Conspiracy Theory: Password hacking and attempted logins.

[SeanTwig]

I say this is a conspiracy theory because in this time of forced advertising I can't be sure of anything anymore.

 

Backstory:

I have had the same variation of a password since I was 13 (I am now 26). Bear in mind that this password is not a general word. It is a name of a very obscure creature from a very unknown book series I read as a kid. I change this around for the different sites, adding caps and numbers where needed.

 

Recently, I am getting notifications from places like Google, Ubisoft, Blizzard, etc that my account has been either hacked or there was an unsuccessful login attempt. Normally its from some random country in either Asia or one of the Eastern block countries.

 

What I want to know is if there are any of you lovely people who are getting these notifications lately. Obviously whenever there is an attempted login, I change my password completely but lately I am getting these "attempts" maybe 2 or 3 times a month.

 

My theory is that they are giving me these false attempts in an attempt to get me to sign up to their authenticators etc.

 

Let me know what your experiences are.

[TheBean]

i mean... i keep getting pasword reset request from roblox (lol) but nothing else.... go to haveibeenpwned and check if your emails/passwords have been leaked. That is VERY strage behavior for it to be coming from many different places. 

[jiyeon]

I've never had an unauthorised login attempt email/notification before for anything. I have 2FA wherever available, passwords which literally only I would know, and I reserve my own sensitive data if I have the option to. I'm not popular nor on-the-radar enough to have people try breach my accounts.

 

Yes, I take my online security far too seriously, but I digress.

[2FA]

I think you're a fool that doesn't realize your email definitely and probably password has been leaked through a database breach. I'm not trying to be ass about it, it's just that this is like the most naive thing I've read in the past week.

[Jurrunio]

they might have cracked through a server with your data in it instead.

 

Nothing beats having scammers use your own email address for phishing scams though, and that's what happened to me. I literally got a scam email from my own account....

[2FA]

1 minute ago, Jurrunio said:

they might have cracked through a server with your data in it instead.

 

Nothing beats having scammers use your own email address for phishing scams though, and that's what happened to me. I literally got a scam email from my own account....

Some scams intentionally spoof the email address with your own.

[SeanTwig]

3 minutes ago, 2FA said:

I think you're a fool that doesn't realize your email definitely and probably password has been leaked through a database breach. I'm not trying to be ass about it, it's just that this is like the most naive thing I've read in the past week.

I mean, that is why I am asking for some insight lol ?

 

My doubts come from the fact that I have never had anything come of it. They're just attempts and nothing happens. No money from my account. No password changes other than the ones I made. Nothing. Just an attempted login and that's it.

 

Very strange

[SeanTwig]

11 minutes ago, saksham said:

i mean... i keep getting pasword reset request from roblox (lol) but nothing else.... go to haveibeenpwned and check if your emails/passwords have been leaked. That is VERY strage behavior for it to be coming from many different places. 

Thanks for the suggestion. I will check!

[2FA]

Just now, SeanTwig said:

I mean, that is why I am asking for some insight lol ?

 

My doubts come from the fact that I have never had anything come of it. They're just attempts and nothing happens. No money from my account. No password changes other than the ones I made. Nothing. Just an attempted login and that's it.

 

Very strange

If your email address is just as old and isn't super important, I would suggest moving to a new email address. It helps with the automated login attempts by bots.

[SeanTwig]

1 minute ago, 2FA said:

If your email address is just as old and isn't super important, I would suggest moving to a new email address. It helps with the automated login attempts by bots.

I have one "throw away" address, but my main one (the one that has been targeted) is quite important as I have a business that links sort of to it. Although that business has its own email, many of my customers have my personal address.

[2FA]

1 minute ago, SeanTwig said:

I have one "throw away" address, but my main one (the one that has been targeted) is quite important as I have a business that links sort of to it. Although that business has its own email, many of my customers have my personal address.

I didn't say stop using it for actual email purposes, just stop using it with services.

[SeanTwig]

I just checked haveibeenpwned and it turns out there was a leak from Nexus Mods that might have leaked my email. Fuckin Skyrim mods! 

[SeanTwig]

21 minutes ago, SeanTwig said:

I just checked haveibeenpwned and it turns out there was a leak from Nexus Mods that might have leaked my email. Fuckin Skyrim mods! 

Also, does anyone know why I have supposedly been leaked from sites I have never heard of before? Like Disqus and Pemiblanc. Apparently my email passwords and usernames were leaked there too but I have never visited those sites?

 

Maybe its time I embraced the VPN meme LUL

[iLostMyXbox21]

38 minutes ago, 2FA said:

it's just that this is like the most naive thing I've read in the past week.

well, obviously you have not seen what i post on discord

[TetraSky]

The only emails of the sort I get, is from "Epic Games" where my account supposedly had a bunch of failed login attempt, so I should change the password by clicking their link... But that make no sense, because if they fucked up their log in attempt, it means my password worked at keeping them out in the first place, hence having no need to change it.
So I'm guessing it's just idiots trying to fish for Fortnite accounts using leaked emails+password they find online from other services that were previously hacked.

 

I use a password manager (keepass) and don't reuse a single password, all of them are between 16 and 32 characters long. (because some services still have a character limit of 16... ridiculous)

As for my email, I have 4 addresses that I use(but really only use 3 of them and just keep the last one as a "backup" of sort for recovery purposes... Professional email, personal email and throw away email), and all of them have two factor auth enabled and a unique password, not worried on that side of things either.

[SeanTwig]

57 minutes ago, TetraSky said:

I use a password manager (keepass) and don't reuse a single password, all of them are between 16 and 32 characters long. (because some services still have a character limit of 16... ridiculous)

Is there a subscription for that service? I just bought a car so I am fairly tight on expendable cash atm.

[Amazonsucks]

Jabberwocky? Bandersnatch? 

 

If its important and youre not using 2FA then thats terrible and youre asking to get hacked.

 

Also, your computer is likely full of malware, probs a RAT or rootkit. 

 

Run malwarebytes with rootkit detection enabled.

 

Password managers are also targets for hackers. Better off using an easy password with 2FA, writing down or printing backup codes and putting them in a fireproof safe.

[Amazonsucks]

2 hours ago, VegetableStu said:

if there's an attempted brute-force attack or a database leak, I'd change emails / login names as well I think ._.

Unless the provider is hacked(yahoo style) theres no need to switch emails. If he has access to the email and can purge everyone else from accessing it, it can be secured.

 

Once he has 2FA set up with backup codes and deletes any other "trusted devices" he should be secure.

 

I should note that all of this is a moot point if the device he logs in from is pwned with malware.

[SeanTwig]

2 hours ago, Amazonsucks said:

If its important and youre not using 2FA then thats terrible and youre asking to get hacked.

What 2FA should I be using then? I have seen some saying Google Authenticator and I use this for Uplay now. However, I don't quite get how it all works. Do I have to do things like unlog from my Facebook app on my phone and then manually sign in with 2FA every time?

 

I have also run malware checks on my system and I have no 3rd party apps installed on my phone bar things like Google Calendar and Inbox etc.

[Beef Boss]

I use different passwords for everything, three parts to them. What? You think I'm gonna tell you? 

 

I'd recommend changing your passwords sometime... Or at least start using different ones

[Sauron]

No password is safe forever unfortunately, and once one person finds it it will end up on a wordlist/dictionary for brute force attacks.

[Lurick]

In the past week alone I've gotten emails from Blizzard, Epic Games, Facebook, Google, PayPal, Bank of America, Linkedin, and about a half dozen other places that there are claiming invalid login attempts or that I have funds waiting for me, messages, etc.. There is just ONE problem. I either do not have an account at these places or that email address is NOT linked to those accounts and digging a little bit shows the emails coming from other sources.

[Underi]

>https://haveibeenpwned.com/

 

My email was leaked in 2016 thanks to Epic Games and their Unreal Engine forum. Thus, I got email from Google about someone trying to login into my rather precious Google account with the right password. If someone attempted to login with the right password it means that it was bruteforced, someone guessed it or it was leaked. Otherwise it's someone just guessing the passwords or something and you should activate 2 factor authentication and not worry.

12 hours ago, 2FA said:

Some scams intentionally spoof the email address with your own.

Ahaha, I got a message to my email from a gmail address that had my name on it about bitcoin investing. I don't even use my name on gmail addresses.

[Amazonsucks]

8 hours ago, SeanTwig said:

What 2FA should I be using then? I have seen some saying Google Authenticator and I use this for Uplay now. However, I don't quite get how it all works. Do I have to do things like unlog from my Facebook app on my phone and then manually sign in with 2FA every time?

 

I have also run malware checks on my system and I have no 3rd party apps installed on my phone bar things like Google Calendar and Inbox etc.

Google authenticator is good. 

 

https://en.m.wikipedia.org/wiki/Google_Authenticator

 

The TLDR is that the app on your phone continuously generates codes that are valid for a short time, and when you try to log into the account, it asks you for the code. Without the correct code, you cant get into the account even if you have the password.

 

Thats why you need a backup fixed code in case your phone breaks, preferably stored in a fireproof safe. Without a second factor, you cant get into the account.

 

You can tell the account(facebook, google whatever) to remember the device and not ask for 2FA codes if its your phone, or your PC that no adversary is going to have physical access to. You wouldnt want to do it, for example, on a public computer that someone could get into your account and steal the backup codes from.

 

I have 2FA on for everything that supports it. Its good opsec to use it. Text message based 2FA is going out of favor because the texts can actually be intercepted and the person being hacked wont even know they got hacked because the text doesnt appear on their phone, or can even be remotely deleted.

[Amazonsucks]

3 hours ago, Lurick said:

In the past week alone I've gotten emails from Blizzard, Epic Games, Facebook, Google, PayPal, Bank of America, Linkedin, and about a half dozen other places that there are claiming invalid login attempts or that I have funds waiting for me, messages, etc.. There is just ONE problem. I either do not have an account at these places or that email address is NOT linked to those accounts and digging a little bit shows the emails coming from other sources.

Your email likely got pwned. Do you have 2FA on? Have you removed access from all trusted devices? Someone else could be currently using your email account if you dont have 2FA on, and if they have set up a back way into your email or you have a RAT or rootkit on your computer, changing your password does NOTHING to stop them.