Hi!
I got hacked on my Reddit (the one I’m writing from) last month. I noticed it because of weird upvotes and comments in my timeline. They were definitely made by a person (NSFW stuff and shoes, seemed cohesive human behaviour) so I looked at the session locations and saw a session running in the US not having my IP. Changed my pw, logged out of all sessions and turned 2FA on (which I didn’t do before). Since then I had no problem.
I knew that Linkedin had a breach before September so I changed my pw and turned on 2FA in September. About a week or so after the Reddit hack my personal Linkedin got hacked. My account was turned invisible (others couldn’t see me) as a precaution of Linkedin I suppose after the hacker changed my profile pic to an AI woman. I still don’t understand how the 2FA didn’t help in that case? But again I changed my pw, logged out of all sessions and turned in my driver’s license to Linkedin and my account got restored within 24hrs.
Two weeks later (about three weeks ago) my personal Twitter acc got hacked and reposted one bitconnect like scam post. I had 2FA turned on and recently changed my password after the Linkedin hack. I changed my pw again, logged out of all sessions and nothing weird happened since.
Today my (own) company’s Twitter acc got hacked again and the same scam posts (from the same acc) got reposted. I have 2FA turned on but my password is from May or so. Changed the pw a minute ago and logged out of all sessions.
I used different pws on all accounts.
TL;DR: Why do I keep getting hacked? What do I have to do that it stops?
I have Bitdefender Antivirus on my PC. I was logged into Linkedin only on my PC, Reddit & my personal Twitter on my iPhone and my PC, into the company’s Twitter on my phone, my partner’s phone, my PC and maybe her PC - so the problem has to be on my PC!
Do I have a malware infection? Bitdefender full scan says no… Should I just run malware removal tools? Pls help 🥲
PS: I used three different email addresses for all accounts which are all not pwned on https://haveibeenpwned.com/
Try clearing your browsers, maybe it is because of some extension.
Sounds like your email account is what has been compromised. Change your email password, add 2FA and sign out all devices. Then check there are no forwarding rules set up and that they don’t also have any other rules set.
Thank you for your suggestion!
I used three different email addresses for all the accounts but I also changed the pws of two of them as a precaution already. The last hacked acc was connected to the one address where I didn’t change the pw. So I will change the pw of the last email acc too! 😊
But I have scanned my PC with Malwarebytes, Hitman Pro and Bitdefender and found & removed two Gen:Variant.Jaik.197725 trojan files from a screen resolution fix for Cossacks - Back To War I installed a couple months ago 🥲 So maybe it was malware!
If they are getting into accounts with 2FA then it would suggest your email is compromised or you have malware. Check your forwarding rules and reset your email password. As others have suggested, scan your devices with multiple anti-malware programs.
Thank you for your suggestion! 😊
My emails (used 3 different ones) all seem okay. Reset their pws after the 2nd hack (except one). But I scanned my PC with different AVs and found/removed two trojan files - maybe that’s it!
Check Have I Been Pwned.
Maybe some accounts were leaked.
I just read the malware guide and it doesn’t look like I have malware. My CPU is running normally, there are no pop ups, no weird programs, no browser redirections.
I do not use Chrome but Firefox as a browser if that’s relevant.
If you use Google or Apple and their password manager, change the Google and Apple passwords.
Did you change the password of your mail account? Maybe they have access to it?
Change all passwords when in doubt, not only the hacked service. TL;DR: You do not use two-factor.
- Use strong passwords. Min. 16 totally random characters, ideally 32+ from the entire lower UTF-8 address space. A decent password should look something like this:
óÒ$.ؽWk-!§µ/ajçVÍ«ãYïÆï¥"î1Æ·Ê>
- Use a different password for every account you have.
- Implement non-SMS 2FA on all accounts. SMS 2FA is easily intercepted. You want non-SMS 2FA, a code generated by an app. Password managers such as BitWarden also have 2FA generation included in their paid tier.
- If possible, set up different eMails for different types of accounts (an eMail for all the usernames you use on eCommerce sites, for example), or if you own a domain name, a different eMail for each and every site. Plus addressing on a single eMail account that can handle it also does much the same thing.
- Store both passwords and 2FA in a secure place, like BitWarden or 1Password. Those two are currently the highest rated password managers available. Avoid LastPass and similar options. If you want free, Bitwarden does that, but you need to then go for a separate 2FA app; OTP Auth is my favourite on iOS, with Microsoft’s Authenticator being my go-to for all my Microsoft/Hotmail/Outlook accounts.
- Make your password for your password manager a long, easy-to-remember phrase, something that is 64+ characters long but which can be banged out by muscle memory in less than 5 seconds. This can be a favourite quote or a line from a favourite book. Use a completely different 2FA app for just that account if you’re storing all other 2FA in the password manager.
Wow, does a pw really need 16+ UTF-8 characters? 🥵
But all your tips are super valid!!! Thanks!
I got non-SMS 2FA turned on everywhere now, use three different emails and use no pw manager!
does a pw really need 16+ UTF-8 characters?
Not UTF-8, specifically, but min. 16 characters, definitely. Anything less than that is considered trivially crackable. And 16 may already be obsolete - bank on 20+.
But completely random passwords drawn from the full UTF-8 character set are what really helps with creating a complex password.
And honestly, that is why you should be making use of a password manager - because you really don’t want to remember more than a single solitary password - the one to your password manager. All the rest should be completely randomly generated, to the max that the service/password-field can take (but anything over 64 characters is typically extreme). You use a reputable password manager like BitWarden or 1Password to do the remembering for you.
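The advice in the two replies above, worked through as an added example (not code from any commenter in this thread): a generator that draws uniformly from printable ASCII plus the Latin-1 block (my reading of "lower UTF-8"), using the OS CSPRNG, and the entropy arithmetic behind "16 is the floor, bank on 20+". The alphabet split and the 128-bit target are assumptions.

```python
import math
import secrets
import string

# Alphabets (constructed for this example).  ASCII_PRINTABLE is the 94 printable
# ASCII characters; LATIN1_EXTRA is the printable Latin-1 block U+00A1..U+00FF,
# which is what a password like the one shown in the advice draws from.
ASCII_PRINTABLE = string.ascii_letters + string.digits + string.punctuation
LATIN1_EXTRA = "".join(chr(c) for c in range(0xA1, 0x100))
FULL_SET = ASCII_PRINTABLE + LATIN1_EXTRA


def entropy_bits(length: int, alphabet_size: int) -> float:
    """Entropy of a uniformly random string of `length` symbols."""
    return length * math.log2(alphabet_size)


def chars_needed(target_bits: float, alphabet_size: int) -> int:
    """Smallest length that reaches `target_bits` from this alphabet."""
    return math.ceil(target_bits / math.log2(alphabet_size))


def generate_password(length: int, alphabet: str = FULL_SET) -> str:
    """Uniform random password from the OS CSPRNG (secrets, not random)."""
    if length < 16:
        raise ValueError("advice above: never below 16 random characters")
    return "".join(secrets.choice(alphabet) for _ in range(length))


def is_uniform_over(password: str, alphabet: str) -> bool:
    """Sanity check: every character came from the intended alphabet."""
    allowed = set(alphabet)
    return all(ch in allowed for ch in password)


if __name__ == "__main__":
    # 128 bits is an assumed target, not a figure from the thread.
    for name, alpha in (("ASCII", ASCII_PRINTABLE), ("ASCII+Latin-1", FULL_SET)):
        print(f"{name}: 16 chars = {entropy_bits(16, len(alpha)):.1f} bits, "
              f"{chars_needed(128, len(alpha))} chars reach 128 bits")
    print("example:", generate_password(20))
```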
But if my pw manager is hacked then all my data is lost at once? 🤔
Maybe that’s a discussion for another thread. But I feel suspicious about pw managers (maybe that’s stupid).
Dude, I had the same situation! Right now my email is leaked on the darkweb and Malwarebytes with Kaspersky couldn’t detect any malware. The only way is reinstalling Windows, do it and change all of your passwords and backup codes, and I bet that you will be safe. Make sure to check passwords by logging in and out every two days and change passwords every 3 months, get a nice password manager. Good luck!
Don’t worry about it too much or you may get a bit paranoid about your cybersecurity like me.
I’m really trying to not get paranoid 😅 Maybe I am under-reacting to the thread but because I’ve been getting sporadically hacked for 2-3 months now and the hackers mostly didn’t do anything I still feel secure over here. But let’s see what happens in the future!
Wow you did A LOT of stuff to defend yourself!!! 😗 Thank you for your story/input!
Because I don’t have weird popups or scam emails flooding my accounts but just sporadic hacks made by obvious bots I will wait until I reinstall Windows for now.
I have scanned my PC, as suggested by others, with Malwarebytes, Hitman Pro and Bitdefender and found & removed two Gen:Variant.Jaik.197725 trojan files from a screen resolution fix for Cossacks - Back To War I installed a couple months ago 🥲 So maybe it was malware!
But if the hacks continue I will definitely use some of your suggestions!!!
Well if your accounts have not been leaked then you could have malware/virus or some browser extension / add on that is stealing your saved passwords or when you log into somewhere.
Scan and check all web browsers extensions/addons/plug ins.
Best practice would be to use 2FA where possible. Generate passwords as complex as possible and use a password manager yourself to keep track of everything.
If possible, use unique user/pw where possible.
Don’t install crap on your devices, log out, clean cookies/cache etc.
Especially the last sentence is something I’m doing now: logging out of every session at the end, cleaning cookies/cache - good tips! Thank you!!! 😊
You can set up your browser to do this automatically, but this is just one step in becoming clean. You need to make sure that there’s nothing installed on your devices that might be fishy. Keylogger, trojans, viruses etc.
If you still suspect things to be strange, do a clean reinstall!