Have you got hacked recently?

DopeTech

My Google account that has 2fa enabled somehow got compromised, google pay (or card saved in Google wallet) was used to to try and buy things online. Luckily it got declined as they were too greedy. Then a few days later my bank card ends up with a Google play in app subscription 349.99 per week on it. Google has since refunded me but I'm still in the dark as to how somebody has managed to use these cards. Even with Google pay etc you need to type in the cv2 number so I'm racking my brain. I've updated all my passwords and new cards are on the way but has this or similar happened to anyone lately?

Edit: I should add that after the first suspect transaction I noticed 2fa had been turned off by someone and a device (phone) I didn't recognize had signed in to my account.

Canis Lupus

Fell for any phishing emails recently asking you to update your netflix subscription etc etc?

Wanderer78

Cnuts, know a couple of hackers, they're actually extremely talented, was considering getting into it when I was younger, realised how difficult it was, so didn't go any further, interesting stuff though, no need to be fcuking people over though, white/grey hat all the way

s1ippy

Someone in America bought a load of clothes and crap with my card from H&M when I was onstage during a show two years ago. When I rang the fraud squad they were like "and how do we know you didn't make the purchase?" "eh, well there were 500 people looking at me performing at x venue at the time."

bobbyy gee

Remove credit cards from sites . Change all passwords. Check computer for viruses

DopeTech

Canis Lupus wrote: »

Fell for any phishing emails recently asking you to update your netflix subscription etc etc?

I can only think of one email that I got recently that was a phishing attempt and I didn't click any links in it. It was for ebay, to tell me they believe someone may have my login details and that I should update my details immediately. I did update my login details but I did it by going to the browser myself and going to eBay.ie myself.

DopeTech

Wanderer78 wrote: »

Cnuts, know a couple of hackers, they're actually extremely talented, was considering getting into it when I was younger, realised how difficult it was, so didn't go any further, interesting stuff though, no need to be fcuking people over though, white/grey hat all the way

At least with yours if it came to it CCTV would probably been able to prove it wasn't you.

DopeTech

bobbyy gee wrote: »

Remove credit cards from sites . Change all passwords. Check computer for viruses

Have done all that. No viruses found on any of them. It's a pity Google cannot tell me more about the person who bought the in app purchase. Even what country they are in.

OU812

One of my kids Roblox accounts was hacked recently.

We have 2FA, & a complex 16 character password (alpha numeric, upper, lower, special).

In a matter of seconds they were able to get in, deactivate 2FA, set it up with a different phone (UK based), change the password and create a pin.

We were able to regain control of the account but only after they spent her Robux. and had messaged all her friends to subscribe to their YouTube account.

It was so fast it absolutely had to be automated.

I think there’s a new tool out there because I’ve since heard from several people that had email accounts etc hacked just as quick.

DopeTech

I believe they must have got into my Google account as even the email confirmations for the app purchase were in my Gmail when I looked back yet I never read them before so they must have marked them as read so the notification on my phone would disappear. Very odd the level of steps they are going to.

JeffKenna

Do you use public WiFi a lot? Very easy for someone to access your phone this way.

Mister Vain

I got a bill for 700 euros worth of uber transactions in Amsterdam that I didn't authorize. The same thing happened to my friend. A website we both used got hacked and our details were compromised. Thankfully we got our money back.

Wanderer78

DopeTech wrote: »

At least with yours if it came to it CCTV would probably been able to prove it wasn't you.

i dont have the abilities to do it anyway, i would like to know though, but it requires a lot of coding, and i fcuking hate coding

cj maxx

I thought i was when I saw pints from the imperial hotel on my card. I haven’t been drinking in Dundalk in years..
Then from the dates I copped it was the imperial in Galway. And yes I was drinking pints there

DopeTech

JeffKenna wrote: »

Do you use public WiFi a lot? Very easy for someone to access your phone this way.

No, maybe once a year in an airport but not this year.

DopeTech

OU812 wrote: »

One of my kids Roblox accounts was hacked recently.

We have 2FA, & a complex 16 character password (alpha numeric, upper, lower, special).

In a matter of seconds they were able to get in, deactivate 2FA, set it up with a different phone (UK based), change the password and create a pin.

We were able to regain control of the account but only after they spent her Robux. and had messaged all her friends to subscribe to their YouTube account.

It was so fast it absolutely had to be automated.

I think there’s a new tool out there because I’ve since heard from several people that had email accounts etc hacked just as quick.

I also noticed that an old Hotmail address I have looks to have a good few failed entry attempts via IMAP from countries all over the world. Perhaps that's a common occurrence though I'm not sure.

DopeTech

From https://haveibeenpwned.com/

Aptoide: In April 2020, the independent Android app store Aptoide suffered a data breach. The incident resulted in the exposure of 20M customer records which were subsequently shared online via a popular hacking forum. Impacted data included email and IP addresses, names, IP addresses and passwords stored as SHA-1 hashes without a salt.

Compromised data: Browser user agent details, Email addresses, IP addresses, Names, Passwords


I think this may have been how they got my details. I must have signed in with google.

Get a Yubi key.
No chance of any MIM attacks.

No but I’ve been using LastPass for a while now so my passwords are all insanely hard to crack, I don’t even know them myself bar the master password which is over 20 characters long. Also 2FA enabled and using Authenticators rather than text message for the vast majority of sites (that have 2FA that is).

da_miser

s1ippy wrote: »

Someone in America bought a load of clothes and crap with my card from H&M when I was onstage during a show two years ago. When I rang the fraud squad they were like "and how do we know you didn't make the purchase?" "eh, well there were 500 people looking at me performing at x venue at the time."

Was this at the famous Tijuana donkey show?

accensi0n

My box got rooted by the finger daemon.

Salthillprom

Yep. I've had an issue with someone known to me hack my accounts and change my passwords so I couldn't access my own accounts. When I clicked on the 'forgotten password' link, it said that a link to reset my password was sent to this other person's email address.

begbysback

Jaysus people, can everybody stop getting hacked.

DopeTech

Salthillprom wrote: »

Yep. I've had an issue with someone known to me hack my accounts and change my passwords so I couldn't access my own accounts. When I clicked on the 'forgotten password' link, it said that a link to reset my password was sent to this other person's email address.

Did you find out how they managed it? How they accessed your accounts?

Salthillprom

DopeTech wrote: »

Did you find out how they managed it? How they accessed your accounts?

Yeh they guessed my password is my hunch. It was an easy to guess password if you know me. It was stalker ish behaviour on the part of the individual. Strange person.

Errashareesh

My debit card details were used to make a purchase in Geelong, Australia last year or the year before, but I don't know that I was hacked - just a case of getting lucky with the right combination of card number, expiry date and the three digits at the back?

Esel

Errashareesh wrote: »

My debit card details were used to make a purchase in Geelong, Australia last year or the year before, but I don't know that I was hacked - just a case of getting lucky with the right combination of card number, expiry date and the three digits at the back?

That would be rarer than winning the lotto, tbh.

Ger Roe

Anyone ever check their email addresses on haveibeenpwned.com ?

A search can show details of known website hacks where your email details may have been taken from. It's usually not that you have been individually hacked, the info is more likely taken in bulk from somewhere else that you gave your data to.

Ubbquittious

The best way to avoid being the hackee is to become the hacker.

Lockheed

My mother has had to cancel her debit card the second time this year. I think it could be her google account/phone compromised as its the only factor that remained the same with both compromises. Fraud squad are refunding all money however (thankfully)

donspeekinglesh

Elliana Plain Hoagie wrote: »

No but I’ve been using LastPass for a while now so my passwords are all insanely hard to crack, I don’t even know them myself bar the master password which is over 20 characters long. Also 2FA enabled and using Authenticators rather than text message for the vast majority of sites (that have 2FA that is).

Same, though I use a YubiKey where possible, including for LastPass and Google.