Jump to content



Photo

Just got hacked need advice


  • Please log in to reply
45 replies to this topic

#16 ]SK[

]SK[

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 12-October 04
  • Location: Nottingham, UK
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 27 March 2013 - 13:44

As nik said. Stealing passwords is not hacking. I'm sat at someone else's desk today at work and on their notepad I can see various passwords. Taking them wouldn't make me a hacker.

In the words of Tyler Durden: Shoving feathers up your butt does not make you a chicken.


#17 OP DrakeN2k

DrakeN2k

    Neowinian

  • Joined: 04-December 10

Posted 27 March 2013 - 13:52

Ok i understand i was not hacked, but why would this guy go to the length to reset my university system passwords ?

or reset the password to one mmo game I play.

but not Facebook ?

#18 ]SK[

]SK[

    Neowinian Senior

  • Tech Issues Solved: 2
  • Joined: 12-October 04
  • Location: Nottingham, UK
  • OS: Windows 8.1
  • Phone: Nexus 5

Posted 27 March 2013 - 13:53

To prevent you changing passwords to accounts that use that email address?

#19 vcfan

vcfan

    Doing the Humpty Dance

  • Tech Issues Solved: 3
  • Joined: 12-June 11

Posted 27 March 2013 - 13:54

sometimes your emails could get hacked without anything happening on your end. if you register on websites and forums using the same password as your email,if the site gets compromised,so does your email account. the sites might not even know they've been compromised. Once they have access to one email,the floodgates open.

#20 OP DrakeN2k

DrakeN2k

    Neowinian

  • Joined: 04-December 10

Posted 27 March 2013 - 14:08

That is true. I have got control over everything again.

I was wondering how it just happened. I have got new and different passwords for everything. Changed security options, Removed trusted emails to a trusted phone number.
2 step verification added to supports accounts.

uh it was so strange how the "person" just changed stuff on some things not others and yet he left a paper trail of all the reset emails lol.

#21 rr_dRock

rr_dRock

    Resident Magical Lion v1.2

  • Tech Issues Solved: 1
  • Joined: 23-June 06
  • Location: Time Warp, Canadian Arctic
  • OS: Windows 7 x64, Windows 8 x64, Windows Server 2012
  • Phone: Galaxy SIV (CM11), iPhone 4S

Posted 27 March 2013 - 14:25

uh it was so strange how the "person" just changed stuff on some things not others and yet he left a paper trail of all the reset emails lol.


it could have been a she....

/troll

#22 Hum

Hum

    totally wAcKed

  • Tech Issues Solved: 6
  • Joined: 05-October 03
  • Location: Odder Space
  • OS: Windows XP, 7

Posted 27 March 2013 - 14:32

Damn you North Korea !

Posted Image

#23 sc302

sc302

    Neowinian Senior

  • Tech Issues Solved: 25
  • Joined: 12-July 05
  • Location: NJ, USA

Posted 27 March 2013 - 14:39

I would argue that those dictionary definitions are not really valid. This is where general understanding is often behind technology. If I broke into my library and turned on their PC is that hacking? IMHO no. To me, "hacking" would be:

Gaining access to a computer system by means of exploiting technical vulnerabilities.

That distinguishes it from social engineering and so on. Also seeing as "ethical hacking" is a common phrase, and something we (as a company) pay for (as penetration testing) - it's not illegal at all, and yet still "hacking"!?

As dog is not the same as hot dog, ethical hacking is not the same as hacking.


#24 AsherGZ

AsherGZ

    Neowinian Senior

  • Joined: 30-June 11
  • Location: Karachi, Pakistan
  • OS: Windows 8.1 Pro x64
  • Phone: Lumia 820, 520

Posted 27 March 2013 - 14:49

From what you've mentioned, looks like it was someone you know as this person knew even your gaming habits. A friend of mine once did it to another as a joke by slipping a keylogger into his study notes. You should talk to your university IT department and see if they can tell you what IP was used to request for a password reset.

#25 +BudMan

BudMan

    Neowinian Senior

  • Tech Issues Solved: 89
  • Joined: 04-July 02
  • Location: Schaumburg, IL
  • OS: Win7, Vista, 2k3, 2k8, XP, Linux, FreeBSD, OSX, etc. etc.

Posted 27 March 2013 - 19:11

great you use other passwords for other sites. But as touched upon already..

lets say your main email is billy@yahoo.com - and all the other sites you login too, even other email accounts you setup billy@yahoo.com as recovery, etc..

If I get into billy@yahoo.com because your password was compromised, bruted, guessed then I could just look into your email to where you got logins from, game sites, forums, etc.. And then from there access them and ask for resets to be able to get in, etc.

as already mentioned, access to something like your main email account could open a flood gates to access to all your other accounts. You really need to turn on 2 factor for your main email account if possible. Or use a very strong password on this account.

#26 xendrome

xendrome

    In God We Trust; All Others We Monitor

  • Tech Issues Solved: 10
  • Joined: 05-December 01
  • OS: Windows 8.1 Pro x64

Posted 27 March 2013 - 19:20

Well it "I" requested a password reset for most of my accounts which then the password was changed to something else.

I have not logged on to any public network.


So they got into one e-mail account then used that account to reset pass/e-mails on other items connected to it, so really only (1) item was broken into technically. The others fell because of the loss of the first. Your password was probably weak, or you used a public computer and someone logged your password or you forgot to log off?

#27 +warwagon

warwagon

    Only you can prevent forest fires.

  • Tech Issues Solved: 2
  • Joined: 30-November 01
  • Location: Iowa

Posted 27 March 2013 - 19:22

First off how could you tell you were "hacked"?

As far as how you can prevent this from happening again.

Do your windows updates
Update your 3rd party applications ( I use patchmypc http://www.patchmypc.net)
Update or remove java if you don't need it
don't click on links in emails
don't use dictionary passwords.

Use a password manager which generates random garbage as your password and then remembers it for you

Turn on two-factor authentication if your email account supports it

Lie on your security questions. Most websites only give you a handfull of questions to choose from without giving you the options to create your own. These default questions are also very easy to look up on line if they know who you are. So the best advice would be to use a password manager like roboform (the one I use) or lastpass. Add the security questions and the answers you used to that card. Personally for the answers I just let the password manager generate some gibberish and I use that.

Don't use yahoo mail.

If you let firefox remember your passwords, create a password for firefox otherwise it will display your passwords in plain text.
Use Antivirus software

One thing that goes even further would be to use sandboxing software like sandboxie to sandbox your internet activity. (I sand box ALL of my web browsing activity)Then generally won't prevent a password from being stolen but it will prevent malware from getting permanently installed on your machine. Unless of course you let it out of the sandbox and run it.

#28 OP DrakeN2k

DrakeN2k

    Neowinian

  • Joined: 04-December 10

Posted 28 March 2013 - 11:31

I found the Ip address of the person who tried to brake into one of the games i play, I wonder what you can do with it?, apart from block him.

#29 MidnightDevil

MidnightDevil

    Resident Evil

  • Joined: 30-June 04
  • Location: Hell!

Posted 28 March 2013 - 11:42

No one gets 'hacked' nowadays, it's not possible. Phished, malwared, social engineered, yes.
Enable 2-factor authentication after you've reset everything, check your logs (gmail), sent items, trash etc.


No one gets hacked nowadays? Are you serious? Have you got any idea of what you're talking about? lol

A 2 step auth for gmail is recommended yes, also complex passwords with letters, uppercase and downcase, characters and numbers, something like ne0w1n.N3! should do the trick.

A format is usually recommended, but not sure how helpful it is in extreme cases of rootkit infections. Maybe deleting the partition and creating a new one in order to overwrite MBR and such.

Also make sure your computer is relatively protected in terms of updated AV and firewall. Check the firewall rules and logs for access and eventviewer to see if there's any logged security audit.
You can also check msconfig and check which processes are loading on boot, make sure what's enable you know what it is.

I found the Ip address of the person who tried to brake into one of the games i play, I wonder what you can do with it?, apart from block him.


If you have logs (like firewall logs) with that information you can submit to a abuse@isp.com (or any address which concerns to security of the network you're in).

#30 leesmithg

leesmithg

    The Major!

  • Tech Issues Solved: 3
  • Joined: 11-August 04
  • Location: Kings Hill, West Malling, Kent, England.

Posted 28 March 2013 - 11:47

I woke up this morning to discover my Uni email , and two other personal emails were hacked what I have lost I cant tell. each email had different passwords. I have reset all three and changed passwords to brand new ones. Other passwords to games have be also hacked and im going though them , Can you give any advice about how this could have happened, and the best way about not letting it happen again?


Well you never got hacked, you got ''cracked''.

You probably have a Trojan horse recording all your key strokes.

I suggest getting an application like or the same as I use.

Keyscrambler at http://www.qfxsoftwa...eyscrambler.htm

I purchased the premium version, they also offer pro and for free, yes a free version.

I also suggest a full system scan with your anti virus and maybe investing in zemana anti logger.

Use the trial then wait for them to release a free key, they seem to release free keys minimum of 10 times a year, in 4 years I have never paid for it.

They also offer a free version now: http://www.zemana.co...ntilogger-free/