Thread Rating:
  • 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Kurisu The WolfSo .... Stuff happened.
#1
Before I start lets get one thing out of the way first.
You all know me as Eevee.

Why the new account you asked?
Well let me explain.

Just before Christmas I noticed a few odd things happening with other accounts on the web, PS4 notifying me of actions I never did, People telling me I sent them stuff that I never sent and so on and so forth.
After delving into the business further and having my bank account invaded (Which luckily the bank stopped before any sufficient amount was lost) I came to the realization that I have been hacked.

So after several weeks of working with a few close friends to restore my computer and other devices I'm finally at the stage now where I can comfortably start my Interneting again but since I don't know how far in the hack goes I'm reluctant to use any of my old accounts.

So, Fresh new start with a fresh new face.

I would suggest to any staff members to remove the admin ability from my old account and possible even ban/remove both mine and Vul's account just to be on the safe side.

Anyway, That's all I have to say on the issue.
Thanks for your time and its good to be back.
Reply
#2
That's... a little terrifying, to be honest. I've received quite a few phishing emails lately from places where security leaks took place, but most of them had redundant password information or only fragments; regardless, I've been a little on edge about personal privacy. It sucks that you got hacked, and hopefully the damage was contained for the time being. Even though this place is at a relatively low risk of breaches it's probably a good idea to see if two-factor authentication of some kind can be put in place here. It'd definitely make me feel a litlle better.

In any case, it's nice to see you again, Eevee. Fingers crossed that it doesn't happen to you again.
Could anyone who had never seen stars possibly imagine what infinity is, when, most likely,
The very concept of infinity first appeared among humans inspired, once upon a time, by the nocturnal vault of the heavens?
Reply
#3
Weird. My coworker recently had his bank account hacked. It was weird because it was his savings account and not his checking which is usually what is compromised. They took out 10k over the course of a few months via some paypal or something. Luckily the bank gave him back his money. Really really sucks!

Glad it wasn't too extensive for you. FYI, you should enable 2 step authentication on your PS4.
[Image: sonichqsig.png]
[Image: SonicBlastUserbar3.png]
[Image: knuckes_stamp_by_pfv0_stamp.png][Image: espio_stamp_by_pfv0_stamp.png][Image: shadow_stamp_by_pfv0_stamp.png]

Reply
#4
Welcome back to the board! I'm truly sorry to hear that you have had to go through such a distressing and invasive issue -- and sadly one that is all too common with the wide variety of attack methods and bad actors prowling around. 

I'm sure you may already know most of this, but just in case I wanted to provide some advice to help guard against such attacks. Please keep in mind that the following is more severe than what I'd recommend in general due to the severe extent the attacks you encountered reached. 
  • If financially feasible, you should get rid of all of your electronic/digital devices that experience network, internet or cellular connectivity of any kind (including peripherals like bluetooth). This includes even things like your internet router. These should all be disposed of and replaced with brand new devices.
  • If not financially feasible (which is totally understandable, I know I couldn't afford that) then you should take every step possible to clean and secure every device. This can start out with more conventional approaches such as doing a full virus scan (using multiple products, but only one on/used at a time) and supplementing with things like VirusTotal analysis, but may require more specialized tools to analyze and scrub rootkits or other very specific malware.
  • In the case of your internet router, you may want to research specific steps to defend your router against threats like VPNFilter. You may also want to check if you have a CPU that is currently vulnerable to Meltdown, Spectre, or similar highly specialized strains of malware, and take appropriate action.
  • Backup all of your data in multiple locations (e.g. online backup service + offline storage drives locked in fireproof safe + conveniently-accessible local backups on USBs) keeping in mind the unique security risks and pros/cons of each. But when it comes to backups, redundancy is key, so have as many backups in as many different secure locations as possible.
  • Ensure that all accounts are fully secured with brand new passwords. Each account should have a unique password, so no password should be used more than once. Wherever possible, every account should have 2-factor authentication enabled. This is essential to do for every account, including your email accounts. Your computer itself should have one or more stages of authentication enabled as well as taking any necessary steps to harden against remote access. When using 2FA, it's also essential to avoid text-based 2FA whenever possible due to the SIM-swap attack vector. You can defend against this by using 2FA apps like Google Authenticator whenever possible, or even better investing in a device like a Yubikey to move the 2FA step away from phones altogether. When text-based 2FA is the only option, you can still take steps to defend yourself like contacting your cell service provider and requiring that no one have authorization to request SIM card related service requests or anything involving phone number changes over the phone, and that such things can only be done by you going to a service provider's store in person and providing multiple forms of identification.
  • Change all of your personal contact details (phone number, email addresses, etc) and share that information with as few people as possible, and with those you do share it with, make it clear that your privacy is to be respected at all times.
  • Lock down social media accounts as much as possible so that as few people as possible can view your information, posts, etc.
  • Never download any file unless you are 100% sure it's safe and you 100% trust the individual, organization or company supplying the file, as well as the web service hosting the file. All downloaded files, regardless of trust level should be scanned locally with at bare minimum a primary antivirus product and a backup 2nd opinion scanner, as well as ran through VirusTotal. When further caution is required, you can consider running the application within an amnesic isolated environment such as Sandboxie, or a network-isolated virtual machine instance. If you have no choice but to open a file that may be dangerous, it should be ported to a physically isolated testbed computer that is completely disconnected from any and all wired or wireless networks, bluetooth, z-wave devices, and so on such that any potential malware would be unable to communicate with any of your other devices or the outside world.
  • Never click on any links unless you 100% trust where it leads, keeping in mind that links can be easily masked using page data manipulation, link shortening services, link redirection services, and many other techniques. Also be wary of man-in-the-middle attacks that can steal information by interjecting maliciously betwixt you and a legitimate service.
  • Never give anyone information unless they absolutely need that specific information for a purpose that serves you or otherwise makes sense. Always report suspicious behavior or activity to law enforcement.
  • Take extra care to protect any and all financial accounts and financial matters from tampering and snooping. In addition to any technical measures, this should always include reaching out to your financial institution(s) to put in place as many safeguards/notifications/etc as possible at every level.
This is by no means an exhaustive or comprehensive list, just some of the main things I could think of off the top of my head. I wish you the best with recovering from this and I hope that you never have to deal with such a thing ever again.

Take care, be vigilant, but most importantly have peace in the knowledge that you have overcome this situation and bested any attackers. Not only did they lose in this instance, but they lose many deeper things throughout life as a result of the path to ruination they forge for themselves with the choices they make. I look forward to seeing you around the forum.
[Image: A0uWPe.jpg]
Reply
#5
I'm sure you guys are all smart enough cookies to know who I am.
So yeah I'm just going to ditto what Kurisu said.
Sucks but were making the most of it.
Reply


Forum Jump:


Mobians inhabiting this thread: 1 Guest(s)