
Should I be worried

I do regularly get emails and account notifications about security, but this morning 6 or more of my accounts, at about the same time, required me to change my password and go through recovery after being signed out and locked out of various services: MS, multiple Google accounts. Apart from that, Steam has a problem as well.

Twitter suspended (haven't used it in 2 years), FB (which I haven't used for a long time, and almost an OG account) suspended as well.
I reviewed activities, nothing out of the ordinary, except maybe on one account (unrecognised activity, but history shows logged in via it before 2 years ago, which baffles me), but things do not add up.

What else should I do (apart from changing the password)? Is there a way to know what's going on? Should I be worried?


13 minutes ago, We Didnt_t start_the_fire said:

is there a way to know what's going on? should I be worried?

Did you or do you use LastPass? Because they cracked it. Norton's password manager I think was cracked as well. Just saw that PayPal might have been hacked. All you can do is change your passwords and enable 2FA on all accounts.

I just want to sit back and watch the world burn. 


I've also gotten spam saying that someone logged into my Instagram account (which I had created over 5 years ago and used only once). Got it in my hotmail.com spam folder. The e-mail address used seemed to be valid, but the "not confirm username change" was an extremely suspect link.

My guess would be a round of scam spam. Am I worried for you? Yes, because you seem to encounter it a lot. Am I worried about my own Instagram account I only used once, 5 years ago? Nope. Because I don't care about that.


15 minutes ago, Donut417 said:

Did you or do you use LastPass? Because they cracked it. Norton's password manager I think was cracked as well. Just saw that PayPal might have been hacked. All you can do is change your passwords and enable 2FA on all accounts.

No, I only used Google's and Apple's password managers. I kept looking into it; my Outlook or MS account activity seems more suspect. But I dunno if it is them bouncing off stuff across or if it is suspicious for real. Also, is there an inherent risk to IMAP? These are not my IP addresses, but just in case I removed some numbers.

 



40 minutes ago, Budget DIY said:

I've also gotten spam saying that someone logged into my Instagram account (which I had created over 5 years ago and used only once). Got it in my hotmail.com spam folder. The e-mail address used seemed to be valid, but the "not confirm username change" was an extremely suspect link.

My guess would be a round of scam spam. Am I worried for you? Yes, because you seem to encounter it a lot. Am I worried about my own Instagram account I only used once, 5 years ago? Nope. Because I don't care about that.

It's Google's own security email, and it signs you out of all devices and forces you to change your password. I have been hacked once before on Facebook, like in the early days, but I'm pretty sure back then it was one of my classmates who did it. And perhaps that is part of why I never got into FB much and don't use it much (though I'd still be sad if I lost it; it still has some school memories lol). Either I see it or not, it is there. This time it got completely suspended, and Twitter too; actually both Twitter accounts got suspended, and the new one is only 2 months old I think (was thinking of making a bit of memes but never got to it and thus never used it).


If they had access to your email, it means they also had easy access to all your other accounts.

I don't know if you have/had a keylogger on your device or if you logged into an unsecured device with your email, but it would certainly do that.

Best you can do is scan all your devices and factory reset your router just in case they got in there as well. Then change your password, starting with your email, to something unique. All of them have to be unique and not reused passwords. I would suggest KeePass or Bitwarden for the unique password creation.

 

Just in case, to not lose Steam... If you have bought a game outside of Steam and activated it on Steam with the game key... Save that game key somewhere to recover your account if they manage to "steal" it.

CPU: AMD Ryzen 3700x / GPU: Asus Radeon RX 6750XT OC 12GB / RAM: Corsair Vengeance LPX 2x8GB DDR4-3200
MOBO: MSI B450m Gaming Plus / NVME: Corsair MP510 240GB / Case: TT Core v21 / PSU: Seasonic 750W / OS: Win 10 Pro


Update: Worse than I thought. I do have a bunch of Steam transactions I do not recognise in a foreign currency, but weirdly enough it is only 0.01 cents, like 20 times, and at the end trading cards? Like, I didn't even know about trading card games of the games I play until now, totalling .20$ and +.01 on my balance at the end. Weird, plus I have no payment method linked. 'Tis weird.

The worst part is my PayPal seems to have been compromised and has purchases I do not recognise.


3 hours ago, TetraSky said:

If they had access to your email, it means they also had easy access to all your other accounts.

I don't know if you have/had a keylogger on your device or if you logged into an unsecured device with your email, but it would certainly do that.

Best you can do is scan all your devices and factory reset your router just in case they got in there as well. Then change your password, starting with your email, to something unique. All of them have to be unique and not reused passwords. I would suggest KeePass or Bitwarden for the unique password creation.

 

Just in case, to not lose Steam... If you have bought a game outside of Steam and activated it on Steam with the game key... Save that game key somewhere to recover your account if they manage to "steal" it.

Now that I think about it and have recovered most of my stuff, and judging by the accounts I have, it may be an old phone I lost 3 years ago (that is another story). I dunno if the place the person who picked up the phone gave it to has a policy of destroying the phones. I'll follow up with them. But the limited info Google has that I can view says a suspicious app on my__________computer name tried to access, which makes no sense, and I do not remember having Steam on my old phone. This just keeps getting weirder. Running a virus scan (which I hate bc they can't distinguish between what I need, such as a VPN, and what is actual malware, and I have to manually do every single one); even so, after deleting some suspicious things, this whole thing is still so weird.


6 hours ago, Donut417 said:

Norton's password manager I think was cracked as well.  Just saw that PayPal might have been hacked

Both of those were just credential stuffing, so not really the services being hacked (which really if someone had their accounts compromised there, they likely weren't using the password managers to begin with...or really didn't follow best practices).

 

Also, the LastPass hack will greatly depend on a person's master password.

 

2 hours ago, We Didnt_t start_the_fire said:

Now that I think about it and have recovered most of my stuff, and judging by the accounts I have, it may be an old phone I lost 3 years ago (that is another story)

That's a possibility, it would be strange it would take 3 years though before they exploited it.  I'm guessing maybe just someone guessed your email password (if you reused it somewhere or something similar).  Then from there it's as simple as resetting your passwords (or if you were using google password stuff using that and just accessing your stuff).

 

As others said, set up 2FA if possible. Make sure to reset all your passwords (starting with emails and Google accounts first).

3735928559 - Beware of the dead beef


6 hours ago, We Didnt_t start_the_fire said:

should I be worried?

Worried or not, I'd be changing my passwords and setting up 2FA on everything I could. It's not much work for peace of mind.

Silent build - You know your pc is too loud when the deaf complain. Windows 98 gaming build, smells like beige


6 hours ago, We Didnt_t start_the_fire said:

do regularly get emails and account notifications about security, but this morning 6 or more of my accounts, at about the same time, required me to change my password and go through recovery after being signed out and locked out of various services: MS, multiple Google accounts. Apart from that, Steam has a problem as well.

Twitter suspended (haven't used it in 2 years), FB (which I haven't used for a long time, and almost an OG account) suspended as well.

Did you use the same password across the different accounts?

CPU: Intel i7 6700k  | Motherboard: Gigabyte Z170x Gaming 5 | RAM: 2x16GB 3000MHz Corsair Vengeance LPX | GPU: Gigabyte Aorus GTX 1080ti | PSU: Corsair RM750x (2018) | Case: BeQuiet SilentBase 800 | Cooler: Arctic Freezer 34 eSports | SSD: Samsung 970 Evo 500GB + Samsung 840 500GB + Crucial MX500 2TB | Monitor: Acer Predator XB271HU + Samsung BX2450


Apparently PayPal just had a data breach, but it still doesn't make sense. Feels kind of like multiple attacks from the same source to me.

I'll have an update later and try to find more.


3 minutes ago, We Didnt_t start_the_fire said:

Apparently PayPal just had a data breach, but it still doesn't make sense. Feels kind of like multiple attacks from the same source to me.

That was a credential stuffing attack, a method where an attacker will use a list of usernames and passwords obtained from a separate data breach on other websites. Unfortunately some people use the same password across multiple websites so when hackers obtain a list of email addresses & passwords they will try those emails and passwords on other websites. If they have a list of a million emails & passwords they will eventually get lucky and find accounts that are reusing the same password.

It's not really accurate to call it a data breach. The attacker used the correct login credentials to access some accounts.

 

This has some more information explaining what credential stuffing is. https://owasp.org/www-community/attacks/Credential_stuffing

 

 

Did you reuse the same password for different accounts?

CPU: Intel i7 6700k  | Motherboard: Gigabyte Z170x Gaming 5 | RAM: 2x16GB 3000MHz Corsair Vengeance LPX | GPU: Gigabyte Aorus GTX 1080ti | PSU: Corsair RM750x (2018) | Case: BeQuiet SilentBase 800 | Cooler: Arctic Freezer 34 eSports | SSD: Samsung 970 Evo 500GB + Samsung 840 500GB + Crucial MX500 2TB | Monitor: Acer Predator XB271HU + Samsung BX2450
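
The password-reuse exposure behind credential stuffing, as an added example that is not part of the original thread: it audits a password-manager export for shared passwords, shows which logins a single leaked email/password pair would open, and orders the password changes email-first. The CSV column layout (name,url,username,password), the `.example` hosts and every sample value are constructed assumptions.

```python
import csv
import hashlib
import io
from collections import defaultdict
from urllib.parse import urlsplit

# Constructed sample; assumed export layout: name,url,username,password.
SAMPLE_EXPORT = """name,url,username,password
mail.example,https://mail.example/login,me@mail.example,Summer2019!
shop.example,https://shop.example/signin,me@mail.example,Summer2019!
games.example,https://games.example/,me@mail.example,Summer2019!
forum.example,https://forum.example/,oldnick,Summer2019!
pay.example,https://pay.example/,me@mail.example,tr0ub4dor&3
fit.example,https://fit.example/,me@mail.example,tr0ub4dor&3
bank.example,https://bank.example/,me@mail.example,k9#Vq2!mZx7@Lp
"""

# Assumption: hosts whose mailbox receives password-reset links for the other accounts.
EMAIL_HOSTS = {"mail.example"}


def load_entries(text):
    """Parse the export into (host, username, fingerprint); plaintext passwords are dropped."""
    entries = []
    for row in csv.DictReader(io.StringIO(text)):
        host = urlsplit(row["url"]).hostname or row["name"]
        # The fingerprint only groups equal passwords in memory; it is not a storage hash.
        fp = hashlib.sha256(row["password"].encode("utf-8")).hexdigest()
        entries.append((host, row["username"].lower(), fp))
    return entries


def reuse_clusters(entries):
    """Return lists of hosts that share one password, largest cluster first."""
    by_fp = defaultdict(list)
    for host, _user, fp in entries:
        by_fp[fp].append(host)
    clusters = [sorted(hosts) for hosts in by_fp.values() if len(hosts) > 1]
    return sorted(clusters, key=lambda c: (-len(c), c))


def exposed_by(entries, breached_host):
    """Hosts opened by replaying the exact username/password pair leaked from breached_host."""
    pairs = {(user, fp) for host, user, fp in entries if host == breached_host}
    return sorted(h for h, user, fp in entries
                  if (user, fp) in pairs and h != breached_host)


def rotation_order(entries):
    """Order password changes: email accounts first, then the most widely reused passwords."""
    size = defaultdict(int)
    for _host, _user, fp in entries:
        size[fp] += 1
    ranked = sorted(entries,
                    key=lambda e: (e[0] not in EMAIL_HOSTS, -size[e[2]], e[0]))
    return [host for host, _user, _fp in ranked]


if __name__ == "__main__":
    entries = load_entries(SAMPLE_EXPORT)
    for cluster in reuse_clusters(entries):
        print("shared password:", ", ".join(cluster))
    print("a leak at shop.example also opens:", exposed_by(entries, "shop.example"))
    print("change in this order:", rotation_order(entries))
```

In the sample, `forum.example` shares a password with the email account but uses a different username, so it appears in the reuse cluster yet is not opened by a direct replay of the `shop.example` pair.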


I wonder if anyone got into my paypal account. I haven't logged in on it in 15 years, and my 'information' on it is far more out of date than that. I don't even use the same lending institution anymore... And I don't have access to the emails used to sign up for the account, anyway, since they were deleted years ago after too much inactivity.

"Don't fall down the hole!" ~James, 2022

 

"If you have a monitor, look at that monitor with your eyeballs." ~ Jake, 2022


Update: I am still trying to gather the information; I still have no idea if this is a targeted hack or a mass hack. I secured most of my accounts. One thing I noticed is my PC became buggy and the fan runs at 100%, and when I open Task Manager it says File Explorer is taking 70%-90 of CPU. It is weird; then I got some app trying to start and a pop-up window, then I realised, oh OK, I may have a virus or so, and I can't delete them. Then I installed a new antivirus bc the old one seems less capable (I knew it before, but it provides some other features) and then did delete some of them (seems to delete some other files too, making the system less stable), but it seems to have gotten rid of them for now. Then I found out my YouTube was uploading some videos that weren't me, and one of my YT accounts was suspended, although I never upload shit really, apart from maybe a game clip years ago. Now I am getting less critical but consistent messages from other services' security emails, such as Wealthsimple (they didn't get in, and I never yet got on their platform and use the more traditional institutions' platforms) and others.

As for PayPal, I think I got back the unauthorised spending. Yet my MS account keeps getting foreign unauthorised syncs, seeing locations that mostly start from Ukraine and then jump away to all the countries, and unsuccessful sign-ins in other cities. I have their addresses via PayPal. I am thinking maybe they got PayPal via those fitness apps, as I explain below, but then some of the account notifications don't add up and no one scenario fits all the hacks.

It feels strange, bc one moment it feels like the hack is all over the place, then targeted, then just massive data breach random tries. With Steam being the most strange: seems just someone somewhere in China and Brazil (login location) to just try Steam somehow (my guess an internet cafe)? I did check "did I get pwned" and I did, but those have been data breaches from years ago; I don't have many other accounts, mostly fitness apps and only 3. Then I wonder why only now, and so strangely? One moment it feels like it is my older phone someone is playing with, other times it feels like massive random tries of the data breach credentials.


On 1/23/2023 at 6:14 AM, Sarra said:

I wonder if anyone got into my paypal account. I haven't logged in on it in 15 years, and my 'information' on it is far more out of date than that. I don't even use the same lending institution anymore... And I don't have access to the emails used to sign up for the account, anyway, since they were deleted years ago after too much inactivity.

I got unauthorised payments made. I did contact PayPal and flagged them as unauthorised. In the UK, and I am not from the UK. The thing is, I have all their addresses, as they added them to PayPal and I saved the addresses. Though I dunno what to do with them.


On 1/22/2023 at 11:27 PM, Spotty said:

Did you reuse the same password for different accounts?

Maybe some, I am not too sure. I do have like 4-5 I usually use and rotate between them. Though some of the patterns of the hack fit that, some others don't. Still dunno, and need to reserve some time to review everything.


3 hours ago, We Didnt_t start_the_fire said:

I got unauthorised payments made. I did contact PayPal and flagged them as unauthorised. In the UK, and I am not from the UK. The thing is, I have all their addresses, as they added them to PayPal and I saved the addresses. Though I dunno what to do with them.

There's no valid bank account tied to my paypal anymore. I don't even use the same bank that I used to. I guess I'm just not worried about it? I monitor my credit every other month, so I'd notice if my other identification information had been compromised.

"Don't fall down the hole!" ~James, 2022

 

"If you have a monitor, look at that monitor with your eyeballs." ~ Jake, 2022


3 hours ago, We Didnt_t start_the_fire said:

I still have no idea if this is a targeted hack or a mass hack.

Do you think it's likely that Facebook, Steam, PayPal, YouTube, Microsoft, and others all suffered a widespread hack at the same time and you're the only person that noticed, or is it more likely it's your accounts that were compromised?

 

3 hours ago, We Didnt_t start_the_fire said:

One thing I noticed is my PC became buggy and the fan runs at 100%, and when I open Task Manager it says File Explorer is taking 70%-90 of CPU. It is weird; then I got some app trying to start and a pop-up window, then I realised, oh OK, I may have a virus or so, and I can't delete them. Then I installed a new antivirus bc the old one seems less capable (I knew it before, but it provides some other features) and then did delete some of them (seems to delete some other files too, making the system less stable), but it seems to have gotten rid of them for now.

If your computer was infected with malware it's entirely possible they were able to steal your login credentials. Either by monitoring keystrokes, grabbing passwords saved in the browser, or stealing login tokens. Have you downloaded anything sketchy lately?

 

Use antivirus software to try and identify and remove the malware from the PC. Once you are confident your computer is free from malware, change your passwords for all the sites and services. Even if you've already changed your passwords you will need to change them again; if the malware was still on the PC it could have got any new passwords you set as well. Use unique passwords for each site that will not be easily guessed. Don't reuse passwords. Check your accounts for any suspicious activity and report it to the website's customer support. Check to see if any details may have been changed, like adding password reset secret questions that you don't know that may allow the hacker to regain access to the account after you change the password.

 

3 hours ago, We Didnt_t start_the_fire said:

It feels strange, bc one moment it feels like the hack is all over the place, then targeted, then just massive data breach random tries. With Steam being the most strange: seems just someone somewhere in China and Brazil (login location) to just try Steam somehow (my guess an internet cafe)? I did check "did I get pwned" and I did, but those have been data breaches from years ago; I don't have many other accounts, mostly fitness apps and only 3. Then I wonder why only now, and so strangely? One moment it feels like it is my older phone someone is playing with, other times it feels like massive random tries of the data breach credentials.

If you did have malware on your PC that stole your login credentials then that would explain why it is happening now. Data breaches from years ago can still be used to compromise accounts, especially if you reuse passwords and don't update passwords regularly. Login credentials stolen in data breaches can be sold and traded even years after the fact.

 

Haveibeenpwned is useful but it is very limited and most data breaches won't be identified there. Just because your email address isn't listed there or has limited breaches identified doesn't mean it hasn't been exposed in other data breaches; it just means that haveibeenpwned isn't aware of it.

Quote

My email was not found — does that mean I haven't been pwned?

Whilst HIBP is kept up to date with as much data as possible, it contains but a small subset of all the records that have been breached over the years. Many breaches never result in the public release of data and indeed many breaches even go entirely undetected. "Absence of evidence is not evidence of absence" or in other words, just because your email address wasn't found here doesn't mean that it hasn't been compromised in another breach.

 

CPU: Intel i7 6700k  | Motherboard: Gigabyte Z170x Gaming 5 | RAM: 2x16GB 3000MHz Corsair Vengeance LPX | GPU: Gigabyte Aorus GTX 1080ti | PSU: Corsair RM750x (2018) | Case: BeQuiet SilentBase 800 | Cooler: Arctic Freezer 34 eSports | SSD: Samsung 970 Evo 500GB + Samsung 840 500GB + Crucial MX500 2TB | Monitor: Acer Predator XB271HU + Samsung BX2450


just sounds like you are / were heavily compromised, I would probably try to, uh, start completely fresh accounts and don't connect them with your old ones, don't reuse passwords, and never click on weird emails etc.

 

also be careful who you actually give your email address, make an extra account for random services that ask for your email.

 

 

oh yeah, and make sure you have no viruses on your devices, otherwise none of the above will really help.

 

The direction tells you... the direction

-Scott Manley, 2021

 

Softwares used:

Corsair Link (Anime Edition) 

MSI Afterburner 

OpenRGB

Lively Wallpaper 

OBS Studio

Shutter Encoder

Avidemux

FSResizer

Audacity 

VLC

WMP

GIMP

HWiNFO64

Paint

3D Paint

GitHub Desktop 

Superposition 

Prime95

Aida64

GPUZ

CPUZ

Generic Logviewer

 

 

 


@Spotty @Mark Kaine

It's worse than I thought; it feels absolutely targeted, like someone is playing with me. Feels like just someone playing, or maybe a teenager doing it for fun. I have been getting notifications and verification codes or successful access from accounts that I rarely use anymore, or almost had no idea existed anymore, and/or thought had been deleted. Not all at once, but slowly getting more notifications from various sites such as AliExpress, Zoho (had no or little memory of what it was) and others from 11-15 years ago even, when I was still playing flash games.

Edit added after: And I just found out my Netflix has been changed to Vietnamese and been accessed via Vietnam. Seems they put their hands on my password manager on Chrome and screen-captured it? Dunno exactly what the malware is, but I have a suspicion it's a remote control, especially after the pop-up asking if you wanna run that program when I caught it.

(And I still haven't recovered my PayPal or my Amazon account; need credit card verification and no idea where my physical credit card is (been a long time since I had to set up anything more), nor do I have my old number)

It is just so fucking inconvenient and annoying. Among them my YouTube accounts, and yes, that sync and history is absolutely something to improve the quality of life, even if I hate the recommended first page when it doesn't any new video style.
