Hi!

I got hacked on my Reddit (the one I’m writing form) last month. I noticed it because of weird upvotes and comments in my timeline. They were definetly made by a person (NSFW stuff and shoes, seemed cohesive human behaviour) so I looked at the session locations and saw a sessions running in the US not having my IP. Changed my pw, logged out of all sessions and turned 2FA on (which I didn’t do before). Since then I had no problem.

I knew that Linkedin had a breach before September so I changed my pw and turned on 2FA in September. About a week or so after the Reddit hack my personal Linkedin got hacked. My account was turned invisible (others couldn’t see me) as a precaution of Linkedin I suppose after the hacker changed my profile pic to an AI woman. I still don’t understand how the 2FA didn’t help in that case? But again I changed my pw, logged out of all sessions and turned in my driver’s license to Linkedin and my account got restored within 24hrs.

Two weeks later (about three weeks ago) my personal Twitter acc got hacked and reposted one bitconnect like scam post. I had 2FA turned on and recently changed my password after the Linkedin hack. I changed my pw again, logged out of all sessions and nothing weird happened since.

Today my (own) company’s Twitter acc got hacked again and the same scam posts (from the same acc) got reposted. I have 2FA turned on but my password is from May or so. Changed the pw a minute ago and logged out of all sessions.

I used different pws on all accounts.

TL;DR: Why do I keep getting hacked? What do I have to do that it stops?

I have Bitdefender Antivirus on my PC. I was logged into Linkedin only on my PC, Reddit & my personal Twitter on my iPhone and my PC, into the company’s Twitter on my phone, my partners phone, my PC and maybe her PC - so the problem has to be on my PC!

Do I have a malware infection? Bitdefender full scan says no… Should I just run malware removal tools? Pls help 🥲

PS: I used three different email adresses for all accounts which are all not pwned on https://haveibeenpwned.com/

  • rekabis@alien.topB
    link
    fedilink
    English
    arrow-up
    1
    ·
    1 year ago

    does a pw really need 16+ UTF-8 characters?

    Not UTF-8, specificially, but min. 16 characters, definitely. Anything less than that is considered trivially crackable. And 16 may already be obsolete - bank on 20+.

    But completely random passwords drawn from the full UTF-8 character set is what really helps with creating a complex password.

    And honestly, that is why you should be making use of a password manager - because you really don’t want to remember more than a single solitary password - the one to your password manager. All the rest should be completely randomly generated, to the max that the service/password-field can take (but anything over 64 characters is typically extreme). You use a reputable password manager like BitWarden or 1Password to do the remembering for you.

    • studiofirlefanz@alien.topOPB
      link
      fedilink
      English
      arrow-up
      1
      ·
      1 year ago

      But if my pw manager is hacked then all my data is lost at once? 🤔

      Maybe that’s a discussion for another threat. But if feel suspicious about pw managers (maybe that’s stupid)