I hope this is the right place to ask. Sorry if it isn’t.
So my brother got the typical ‘scam’ e-mail. The e-mail has my brother's correct password and all the “I have access to everything, photos etc…”. Now I get that this is probably a breach and his data may have once been leaked, which is true because I checked it on https://haveibeenpwned.com/. BUT here is the catch. His e-mail account, League of Legends account, Snapchat, old Instagram account and Battle.net account all got hacked. We can’t manage to log in anymore, and the password/username and even e-mail all got changed, since we don’t get the login verification codes anymore at the e-mail he used (we were able to recover my brother's e-mail account with his backup e-mail account and we reset the password instantly; we also saw here that there were successful login attempts into his e-mail account). We have also contacted Riot Games already, since this is the only important one for him, and hopefully we get that account back. We are also busy transferring every important account to a new e-mail account which we have secured in all possible ways. Now I know those e-mails are 99% a scam, but since my brother actually got hacked on some accounts, and even the one he uses daily (League of Legends), I’m kinda scared the ‘scam’ e-mail may actually be true, or is it bad timing? Can someone enlighten and help us, please? My brother is panicking.
These emails are scams.
Sounds like someone targeted your brother, and potentially hundreds of other users caught up in a data breach. This is why you don’t use the same password for everything!
Step 1: Get your accounts back if possible
Step 2: You and your brother should create a Bitwarden account, and change every password to a randomly generated password
Step 3: Enable 2FA on every account possible, so if someone did manage to get your passwords, they won’t have your 2FA code
Let this be a lesson for both of you: internet security is important. We rely on online accounts and devices to live our lives in a digital age, so if you are lacking in internet security you will always be at risk for things like this.
For extra protection against data breaches, look into SimpleLogin. It allows you to generate a unique email address for every account, and it’s all linked to your main email account.
Hey, so the same thing happened to me about 2 weeks ago. My email was in 6 data breaches and unfortunately I used the same password as well. They hacked my email and started resetting all my passwords (Instagram, LinkedIn etc…). I eventually got him out to avoid them trying to scam my friends on Instagram, and changed the email password and set up 2FA, an authenticator app and passwordless email (best idea in my opinion). After doing all that I received the same exact email from some scammer, and I have read many stories just like this, so I don’t think it’s a coincidence; it must be the same person that’s hacking you. Just make sure to set up a new alias for the email account so they can’t try to log in anymore or recover it. And set up passwordless email so it can only be entered through your authenticator app. You’re going to keep getting spear phishing emails, so BE CAREFUL and do not click any links; some of them will have usernames and gamer tags because of the info they picked up on you from the email. Also check any websites that might have your debit/credit info saved on them; I saw the hacker tried to buy some stuff online and wasn’t successful. I went nuclear and just factory reset my phone and got a new debit card and a new email, and permanently deleted the old email after I recovered all the accounts I could remember. Good luck! If you need any help, message me! PS: check the “blocked emails” list on your email, they must have added some to it, and check email forwarding as well.
He was the victim of a credential stuffing attack. You should never use the same password for more than one service, and this is precisely why. If he gets any of his accounts back, have him change his passwords to unique passwords on a per-service basis. Using a password manager (one with 2FA or an offline password manager) will make this much easier for him.
Thank you all so much for all the help and advice! We are relieved and are going to adjust the passwords and security in the ways you guys told us. Hopefully we can get the accounts back :).