Hi!
I got hacked on my Reddit (the one I’m writing form) last month. I noticed it because of weird upvotes and comments in my timeline. They were definetly made by a person (NSFW stuff and shoes, seemed cohesive human behaviour) so I looked at the session locations and saw a sessions running in the US not having my IP. Changed my pw, logged out of all sessions and turned 2FA on (which I didn’t do before). Since then I had no problem.
I knew that Linkedin had a breach before September so I changed my pw and turned on 2FA in September. About a week or so after the Reddit hack my personal Linkedin got hacked. My account was turned invisible (others couldn’t see me) as a precaution of Linkedin I suppose after the hacker changed my profile pic to an AI woman. I still don’t understand how the 2FA didn’t help in that case? But again I changed my pw, logged out of all sessions and turned in my driver’s license to Linkedin and my account got restored within 24hrs.
Two weeks later (about three weeks ago) my personal Twitter acc got hacked and reposted one bitconnect like scam post. I had 2FA turned on and recently changed my password after the Linkedin hack. I changed my pw again, logged out of all sessions and nothing weird happened since.
Today my (own) company’s Twitter acc got hacked again and the same scam posts (from the same acc) got reposted. I have 2FA turned on but my password is from May or so. Changed the pw a minute ago and logged out of all sessions.
I used different pws on all accounts.
TL;DR: Why do I keep getting hacked? What do I have to do that it stops?
I have Bitdefender Antivirus on my PC. I was logged into Linkedin only on my PC, Reddit & my personal Twitter on my iPhone and my PC, into the company’s Twitter on my phone, my partners phone, my PC and maybe her PC - so the problem has to be on my PC!
Do I have a malware infection? Bitdefender full scan says no… Should I just run malware removal tools? Pls help 🥲
PS: I used three different email adresses for all accounts which are all not pwned on https://haveibeenpwned.com/
TL;DR: You do not use two factor.