Hi!

I got hacked on my Reddit (the one I’m writing from) last month. I noticed it because of weird upvotes and comments in my timeline. They were definitely made by a person (NSFW stuff and shoes, seemed cohesive human behaviour) so I looked at the session locations and saw a session running in the US not having my IP. Changed my pw, logged out of all sessions and turned 2FA on (which I didn’t do before). Since then I had no problem.

I knew that LinkedIn had a breach before September so I changed my pw and turned on 2FA in September. About a week or so after the Reddit hack my personal LinkedIn got hacked. My account was turned invisible (others couldn’t see me) as a precaution of LinkedIn I suppose after the hacker changed my profile pic to an AI woman. I still don’t understand how the 2FA didn’t help in that case? But again I changed my pw, logged out of all sessions and turned in my driver’s license to LinkedIn and my account got restored within 24hrs.

Two weeks later (about three weeks ago) my personal Twitter acc got hacked and reposted one Bitconnect-like scam post. I had 2FA turned on and recently changed my password after the LinkedIn hack. I changed my pw again, logged out of all sessions and nothing weird happened since.

Today my (own) company’s Twitter acc got hacked again and the same scam posts (from the same acc) got reposted. I have 2FA turned on but my password is from May or so. Changed the pw a minute ago and logged out of all sessions.

I used different pws on all accounts.

TL;DR: Why do I keep getting hacked? What do I have to do so that it stops?

I have Bitdefender Antivirus on my PC. I was logged into LinkedIn only on my PC, Reddit & my personal Twitter on my iPhone and my PC, into the company’s Twitter on my phone, my partner’s phone, my PC and maybe her PC - so the problem has to be on my PC!

Do I have a malware infection? Bitdefender full scan says no… Should I just run malware removal tools? Pls help 🥲

PS: I used three different email addresses for all accounts which are all not pwned on https://haveibeenpwned.com/

  • dEEkAy2k9@alien.topB

    Best practice would be to use 2FA where possible. Generate passwords as complex as possible and use a password manager yourself to keep track of everything.

    If possible, use unique user/pw where possible.

    Don’t install crap on your devices, log out, clean cookies/cache etc.

    • studiofirlefanz@alien.topOPB

      Especially the last sentence is something I’m doing now: logging out of every session at the end, cleaning cookies/cache - good tips! Thank you!!! 😊

      • dEEkAy2k9@alien.topB

        You can set up your browser to do this automatically, but this is just one step in becoming clean. You need to make sure that there’s nothing installed on your devices that might be fishy. Keyloggers, trojans, viruses, etc.

        If you still suspect things to be strange: clean reinstall!