Urgent Help Needed: Multiple Account Hacks and Security Breaches Despite Strong Security Measures – Need Advice

246°
Finance Mentor
shraaj

Hi Dimers,

I recently faced a hacking incident despite using strong security measures, and I’m looking for advice. Here's what happened:

Instagram Hack (7th October 2024, 7:30 PM):

I received a notification that someone liked my story, but I hadn't posted anything. Upon checking, I found that my account was changed from private to public. A crypto-related post and story (Image 1) had been shared. I immediately deleted the content and reviewed my login activity, noticing an unfamiliar device from Washington, DC. Although I use a 25-30 character password generated by Bitwarden and have 2FA enabled with Zoho’s OneAuth, the hacker somehow bypassed these defenses. Fortunately, I was able to regain access due to 2FA.

LinkedIn Hack (7th October 2024, 7:30 AM):

Hours later, next day in morning,I received connection requests on LinkedIn. When I checked, my entire profile had been replaced with someone else’s information, including a photo of a girl from London. As I’ve been actively job hunting, this was alarming. I reported the issue to LinkedIn support via Twitter, and they promised to restore my profile within 48-72 hours.

Reddit Hack:

I received an email from Reddit about suspicious activity, and upon checking, I saw multiple login attempts from countries like Brazil and Bangladesh (Image 2). I hadn’t enabled 2FA on Reddit at the time, so I quickly reset my password, enabled 2FA, and logged out of all devices. Fortunately, no malicious activity occurred on the account.

Microsoft Account Concerns:

When I logged back into my Microsoft account after reinstalling Windows 11, I saw numerous failed login attempts from different countries. Despite this, no unauthorized access was made, likely due to 2FA and strong passwords.

Steps I’ve Taken:

1. Changed all passwords and reset my Bitwarden master password.

2. Created new email accounts: one for social media, one for banking, and one for shopping.

3. Deleted my Google account after switching all financial activities to alias emails (e.g., [email protected]).

4. Planning to switch to ProtonMail for added security.

Questions:

1. Could this have been a server-side breach, exposing my Google ID or emails linked to social media?

2. Have Indian users faced issues with ProtonMail, like blocking by banks?

3. What additional steps should I take to further secure my accounts?

Thankfully, no financial loss occurred, but the identity theft has caused immense stress and anxiety. I’m particularly concerned about the repeated login attempts on multiple accounts and would appreciate any guidance or insights.

Thanks for your help! 

@shraaj

Top Comments
Deal Newbie Deal Newbie
Link Copied
Last break-up kitne samay pehle hua tha, ye soch lo.
If not a break-up, then the last time you (even unwittingly) angered the other person enough.

Google account 'deletion' was not really required, nor (I think) would particularly matter in the future either.

This seems to be some other way of either having a mirrored device or somehow being able to access the traffic from your device too.

The typical 'man in the middle' attack.

Obviously this was likely not a 'targeted' attack (against you/high value asset) but just an opportunistic one.

(Pickpocketing versus finding a wallet accidentally left behind on a table and picking it up.)

The Myanmar or other south east Asian (almost concentration) camps... trap and employ dedicated social engineering pointsmen/ pointswomen.. in cahoots with the state sponsored hacking syndicates in China, DPR Korea or elsewhere.

Maybe your credentials were just out there in the non encrypted part of the traffic or somehow either at your ISP's nodes or via the master database leaks of some other sites.. your details were out there and samples given to random buyers or users to test.
Maybe that is why nothing significant happened in your Linkedin, Instagaram accounts.. while Reddit, Microsoft nipped it in the bud.

If I were you, then I would first ditch at-least the regular portable devices (tablets, mobiles) and make significant changes to or entirely replace the routers and stuff.. assuming those could be a known vulnerability for the other party to exploit.

Yes I would change login credentials too.. but i do not know if still using the same e-mail service (MSN, gmail, yahoo, others) could subvert fingerprinting.

Changing MAC ID and stuff is not enough to avoid getting fingerprinted/ recognised as the same entity.
Mobile Guru Mobile Guru
Link Copied

they stole your cookies from browser session then they can access any site u r logged in happening with lots of youtube channel including big ones like LTT, and everytime they promote crypto thing 

Deal Cadet Deal Cadet
Link Copied

Don't use alias email for financial stuff rather use different email id

Many new finance & banking apps in name of security won't let you login when there are special characters in email [ " + " also included ] if not now when they update their app without thinking of existing users

Some are so advanced that they let you register with alias than says email id not correct on frontend when logging  in & arguing with CS is like banging head against wall.

45 Comments  |  
15 Dimers
  • Sort By
Deal Baba Deal Baba
Link Copied

I remember after Installing an Software from unknown Site, they hacked my Gmail which was logged in [ not the ones in other chrome profiles]....and then they created Google Adsense account with that and another adware site...

Regarding your case, use Separate Emails for Social media & shopping.

Also, scan devices multiple times with some good free antivirus software or just windows scan.

Finance Mentor Finance Mentor
Link Copied

I have McAfee Antivirus enabled on my laptop. A few hours before the hack, I installed data recovery software from Github. The software prompted me to disable the antivirus, which I did. I suspect that this is when the hack occurred, but I'm not entirely sure. Approximately 15 minutes after re-enabling the antivirus, some files were quarantined. Only my social media-connected accounts were hacked, except for Twitter (X), which uses a different email ID.

View 5 more replies
Deal Cadet Deal Cadet
Link Copied

Happens when your windows is compromised Happened with me many times lost money and thousand worth steam items also facebook hacked What it does is injects adware into google chrome and  pc It is seriously recommended to fresh install windows and change password also enable 2F if not already done.

Finance Mentor Finance Mentor
Link Copied
I use the Brave Browser and have enabled almost all privacy settings, such as blocking fingerprints, third-party cookies, and not sending my data for diagnostic purposes.
View 2 more replies
Deal Lieutenant Deal Lieutenant
Link Copied

Can you figure out which attack happened first? based on time in milliseconds?

that will most likely be the first that got compromised and other hacks followed up

my guess and bet is your Microsoft account or google email id exposed, might be the first that got hacked and then other hack followed up

Finance Mentor Finance Mentor
Link Copied
My Microsoft account uses my Google email address.
View 8 more replies
Deal Newbie Deal Newbie
Link Copied
Last break-up kitne samay pehle hua tha, ye soch lo.
If not a break-up, then the last time you (even unwittingly) angered the other person enough.

Google account 'deletion' was not really required, nor (I think) would particularly matter in the future either.

This seems to be some other way of either having a mirrored device or somehow being able to access the traffic from your device too.

The typical 'man in the middle' attack.

Obviously this was likely not a 'targeted' attack (against you/high value asset) but just an opportunistic one.

(Pickpocketing versus finding a wallet accidentally left behind on a table and picking it up.)

The Myanmar or other south east Asian (almost concentration) camps... trap and employ dedicated social engineering pointsmen/ pointswomen.. in cahoots with the state sponsored hacking syndicates in China, DPR Korea or elsewhere.

Maybe your credentials were just out there in the non encrypted part of the traffic or somehow either at your ISP's nodes or via the master database leaks of some other sites.. your details were out there and samples given to random buyers or users to test.
Maybe that is why nothing significant happened in your Linkedin, Instagaram accounts.. while Reddit, Microsoft nipped it in the bud.

If I were you, then I would first ditch at-least the regular portable devices (tablets, mobiles) and make significant changes to or entirely replace the routers and stuff.. assuming those could be a known vulnerability for the other party to exploit.

Yes I would change login credentials too.. but i do not know if still using the same e-mail service (MSN, gmail, yahoo, others) could subvert fingerprinting.

Changing MAC ID and stuff is not enough to avoid getting fingerprinted/ recognised as the same entity.
Trailblazer Trailblazer
Link Copied
Can you please brief how (what are the ways) this person's data went leak to others, in a layman's term?
View 4 more replies
Heart of Gold Heart of Gold
Link Copied

Since you installed a random software, it may have extracted saved cookies of social media sites from your browser. Always use virustotal first to check any software

Generous Generous
Link Copied

Problem is with automated password softwares like bitwarden / passkey etc .

Try switching to old methods of memorising strong password .. no regular pattern etc .. 

Comrade Comrade
Link Copied

Just assuming on a second thought, with so much of precautions this happened, think again for your surroundings, did someone got access to it in office or somewhere? Because we sometimes forget to secure physical devices.

Deal Newbie Deal Newbie
Link Copied
only possible vulnerability seems to be google authentication ☛https://myaccount.google.com/connections☚ and nothing more than that.

I could be wrong though.

(I meant.. him letting sites use his google login credentials via ☛https://myaccount.google.com/connections☚)
View 4 more replies
Like Magnet Like Magnet
Link Copied

Hi there,

I’m really sorry to hear about your recent hacking incidents. It’s understandably distressing, especially given the measures you’ve already taken. Here’s some guidance based on your situation:

1. Server-Side Breach Concerns:
  • Yes, it’s possible that a server-side breach could have exposed your information, especially if your accounts were linked to your Google ID or if any of the platforms experienced security issues. Keep an eye on announcements from the services you use and consider using a service like Have I Been Pwned to check if your email has been involved in a data breach.
2. ProtonMail and Indian Users:
  • While ProtonMail is generally regarded as a secure option, there have been some reports of Indian users facing issues with certain banks regarding account verifications. It’s best to check current user experiences or forums for up-to-date information before making the switch.
3. Additional Security Steps:
  • Security Audit: Conduct a thorough security audit of all accounts. Ensure 2FA is enabled wherever possible, and consider using an authenticator app instead of SMS for added security.
  • Monitor Accounts: Regularly check your login activity and any security settings. Set up alerts for unusual activities if available.
  • Password Management: Consider using unique passwords for every account, even for sites that don’t hold sensitive information.
  • Use a VPN: This can help protect your online activity and make it more difficult for hackers to track your information.
  • Email Security: Since email is often a gateway to other accounts, ensure your email accounts have robust security measures. Look into using a secure email provider if you haven’t already.
  • Consider Identity Theft Protection: Services can monitor your personal information and alert you to potential misuse.
Conclusion:

The emotional toll of identity theft is significant, and it’s good that you’re being proactive. Keep monitoring your accounts closely, and don’t hesitate to reach out to the platforms for further assistance if you notice any suspicious activity. If you have any further questions or need clarification, feel free to ask.

Stay safe!

Helpful Helpful
Link Copied

How VPN is secure? All our data will go through from servers right? How can be their servers safe?

View 1 more reply
Mobile Guru Mobile Guru
Link Copied

they stole your cookies from browser session then they can access any site u r logged in happening with lots of youtube channel including big ones like LTT, and everytime they promote crypto thing 

Benevolent Benevolent
Link Copied

your device, most probably desktop/pc, is compromised.

Finance Mentor Finance Mentor
Link Copied

Actually Hackers stolen my Browser Cookies thats why he didnt needed any 2FA OTP because every website that was breached or compromised was already logged in. @Jarvis.-.


Update - Thankfully, I have completely changed my email ID and made a diferent email ids for every purpose and using Strong Password + 2FA and Logging Out after my work is done.

View 2 more replies
Deal Cadet Deal Cadet
Link Copied

Don't use alias email for financial stuff rather use different email id

Many new finance & banking apps in name of security won't let you login when there are special characters in email [ " + " also included ] if not now when they update their app without thinking of existing users

Some are so advanced that they let you register with alias than says email id not correct on frontend when logging  in & arguing with CS is like banging head against wall.

Finance Mentor Finance Mentor
Link Copied
You are correct, i tried this to change alias in banking apps but after entering + they simply not accepted it.

I have added Protonmail in banking apps except some of the financial apps (Data Chor) like Fi Money,Cred they Only Accept Google Mail so will be using Separate Google Account for them.
replyuser
Click here to reply
Reply