|
Baby_Hitler
Errorist




Registered: 03/06/02
Posts: 27,587
Loc: To the limit!
Last seen: 35 minutes, 18 seconds
|
Email hacked, what do?
#15454798 - 12/02/11 02:29 PM (12 years, 1 month ago) |
|
|
One of my email accounts seems to have been hacked lately. I was getting messages in my inbox that emails sent from my account were being bounced. I recognized the addresses as addresses that I had emailed at one point from that account, so it would seem that someone else had been sending emails from my account.
My password was terrible, what's more, I use that password with pretty much every website that I buy things from, and I use the same password for those sites. This was my "spam account" that I used to keep commercial stuff separate from personal stuff.
I have a paypal account connected with that address, but the password is different. No connection to my bank account.
I have used this account with kinds of little websites that I bought from once or twice. Some of them are bound to still have some of my P.I. available with just my email address and password. I'm afraid I may have a problem.
What I really need is the same software that a hacker would use to mine the data in my inbox to help me find all the accounts that need passwords changed, if it isn't already too late.
Dammit, internet.
-------------------- Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ (•_•) <) )~ ANTIFA / \ \(•_•) ( (> SUPER / \ (•_•) <) )> SOLDIERS / \
|
luvdemshrooms
Two inch dick..but it spins!?


Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
|
|
My Yahoo account was hacked once. I simply used the "forgot my password" link. They reset my account and I simply used a much stronger password the second time.
Of course that inspired me to change all my passwords.
-------------------- You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers
|
luvdemshrooms
Two inch dick..but it spins!?


Registered: 11/29/01
Posts: 34,247
Loc: Lost In Space
|
|
Oh yes... none of my other accounts were compromised, but change all yours to be sure.
You can use the same password for each, but with a slight variation.
For example, the first 3 letters of the account provider:
njuGYFJouyvbmghYAH for Yahoo.
njuGYFJouyvbmghAOL for AOL.
Or put the first letter (or the last) at the beginning of your password.
YnjuGYFJouyvbmghAH.
AnjuGYFJouyvbmghOL.
-------------------- You cannot legislate the poor into prosperity by legislating the wealthy out of prosperity. What one person receives without working for another person must work for without receiving. The government cannot give to anybody anything that the government does not first take from somebody else. When half of the people get the idea that they do not have to work because the other half is going to take care of them and when the other half gets the idea that it does no good to work because somebody else is going to get what they work for that my dear friend is the beginning of the end of any nation. You cannot multiply wealth by dividing it. ~ Adrian Rogers
|
Robo
R Series 66Y
Registered: 05/08/07
Posts: 14,861
|
|
|
RonaldFuckingPaul
Our Dear Leader



Registered: 10/31/07
Posts: 13,617
Loc: Straight Outta Compton
Last seen: 9 years, 5 months
|
|
I'd bet money you were using yahoo or hotmail. Get on the gmail bandwagon breh.
--------------------
|
Robo
R Series 66Y
Registered: 05/08/07
Posts: 14,861
|
|
He had a weak password and someone brute-forced it, that's all. Happened to my Paypal account, and someone decided I'd help them pay their multiple hundred dollar Skype bill. 
Since then I've started using smarter passwords.
|
RonaldFuckingPaul
Our Dear Leader



Registered: 10/31/07
Posts: 13,617
Loc: Straight Outta Compton
Last seen: 9 years, 5 months
|
Re: Email hacked, what do? [Re: Robo]
#15456545 - 12/02/11 09:15 PM (12 years, 1 month ago) |
|
|
Quote:
Ombient said: He had a weak password and someone brute-forced it, that's all. Happened to my Paypal account, and someone decided I'd help them pay their multiple hundred dollar Skype bill. 
Since then I've started using smarter passwords.
But, gmail, bro.
I have an awesome password though as well.
--------------------
|
Robo
R Series 66Y
Registered: 05/08/07
Posts: 14,861
|
|
Gmail is pretty rad, I guess.
Free IMAP.
|
koraks
Registered: 06/02/03
Posts: 26,667
|
|
Just change all your passwords.
Quote:
Baby_Hitler said: What I really need is the same software that a hacker would use to mine the data in my inbox to help me find all the accounts that need passwords changed, if it isn't already too late.
It doesn't work like that. If one account is compromised, then assume all of them are and change your passwords.
Quote:
I was getting messages in my inbox that emails sent from my account were being bounced. I recognized the addresses as addresses that I had emailed at one point from that account, so it would seem that someone else had been sending emails from my account.
Also, if you're using a local mail client (Outlook, Thunderbird) in which those addresses were stored, it's possible that your machine is infected by a virus and has become a spambot. So perform a thorough virus scan just to make sure.
|
frith
God

Registered: 10/27/09
Posts: 7,512
Loc: Philadelphia, PA
|
Re: Email hacked, what do? [Re: koraks]
#15458616 - 12/03/11 11:26 AM (12 years, 1 month ago) |
|
|
You should also run a malware scan on your personal computer to make sure there are not keyloggers installed. If there are, changing your password won't do much good.
Also, I suggest generating random passwords and salting them. Use keepassx to manage them. http://www.keepassx.org/
--------------------
|
Chespirito
Stranger



Registered: 02/13/09
Posts: 3,259
|
Re: Email hacked, what do? [Re: frith]
#15458674 - 12/03/11 11:38 AM (12 years, 1 month ago) |
|
|
I've been meaning to use something like that for a while now. I guess Im just paranoid Ill lose the database it creates somehow and not have access to any of my passwords. I guess I could just put it in my dropbox folder and it would be saved to the cloud automatically?
|
frith
God

Registered: 10/27/09
Posts: 7,512
Loc: Philadelphia, PA
|
Re: Email hacked, what do? [Re: Chespirito]
#15458739 - 12/03/11 11:55 AM (12 years, 1 month ago) |
|
|
Quote:
Chespirito said: I guess I could just put it in my dropbox folder and it would be saved to the cloud automatically?
You could do that. I have the backup stored on two of my servers just in case one goes down. The backup has a different password with the same salt. I follow this naming convention:
Password-DB-DATE_GENERATED.kdb <-- Stored on laptop Password-DB-DATE_GENERATED.BACKUP.kdb <-- Stored on server(s)
A salt just means that you have the same ending to every password. Store every randomly generated password to Keepassx but don't include the salt. For example:
You store your GMail password in Keepassx as this: dUcrev6cuStuhu6u
But the actual password needed to log into GMail is dUcrev6cuStuhu6usfx2
dUcrev6cuStuhu6u <-- Stored password (does not work alone) dUcrev6cuStuhu6usfx2 <-- Actual password.
5PeBreqeFR9jawaw <-- Stored password in Keepassx for yahoo 5PeBreqeFR9jawawsfx2 <-- Password actually needed for yahoo yeyA55fuW7uquhAr <-- Stored password in Keepassx for amazon yeyA55fuW7uquhArsfx2 <-- Password actually needed for amazon
This way even if someone jumps on your computer and you forgot to shut down Keepassx, they will still not be able to get into anything because they won't have the salt (which is sfx2 in this case). You don't have to remember passwords any more.. just the little 4 digits (or whatever) you append to the end.
Hopefully I explained that well enough.. Keepassx is a great little tool for managing this stuff.
--------------------
Edited by frith (12/03/11 11:59 AM)
|
Baby_Hitler
Errorist




Registered: 03/06/02
Posts: 27,587
Loc: To the limit!
Last seen: 35 minutes, 18 seconds
|
Re: Email hacked, what do? [Re: koraks]
#15458853 - 12/03/11 12:22 PM (12 years, 1 month ago) |
|
|
Quote:
koraks said: Just change all your passwords.
Quote:
Baby_Hitler said: What I really need is the same software that a hacker would use to mine the data in my inbox to help me find all the accounts that need passwords changed, if it isn't already too late.
It doesn't work like that. If one account is compromised, then assume all of them are and change your passwords.
No, I mean to find all of them. Not to determine which ones need to be fixed.
For example, I just changed my newegg password because to access my newegg account, all you needed was:
Email: Password:
I've used this information for a bergillion other sites that I can't even remember. They could mine these sites for information about me, such as credit card information, which is my main concern. They could have gotten my full name and address just by scanning my email. The last 4 numbers of my credit card were probably pretty easy to come by as well.
Number one risk is probably from them logging in to a site and ordering stuff directly from the site.
-------------------- Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ (•_•) <) )~ ANTIFA / \ \(•_•) ( (> SUPER / \ (•_•) <) )> SOLDIERS / \
|
koraks
Registered: 06/02/03
Posts: 26,667
|
|
Ahh,right. Well, I don't know of a reliable way to find what accounts have been hacked, other than gaining access to the server logs on which your accounts are hosted and trace back where someone logged into your accounts at a moment that it wasn't you.
|
Chespirito
Stranger



Registered: 02/13/09
Posts: 3,259
|
Re: Email hacked, what do? [Re: frith]
#15459460 - 12/03/11 02:41 PM (12 years, 1 month ago) |
|
|
Yea I dig it, thats pretty reasonable. I need to get my parents on board with something like this, their bank password is laughably easy. When you tell the program to randomly create a new password, how many characters do you tell it to use? I guess I've never investigated the maximum number of characters that most sites will accept, maybe 16?
|
Chespirito
Stranger



Registered: 02/13/09
Posts: 3,259
|
Re: Email hacked, what do? [Re: Chespirito]
#15459466 - 12/03/11 02:42 PM (12 years, 1 month ago) |
|
|
Also, what if you want to log into your email from a random computer? How do you get access to the password?
|
Baby_Hitler
Errorist




Registered: 03/06/02
Posts: 27,587
Loc: To the limit!
Last seen: 35 minutes, 18 seconds
|
|
Quote:
reeferaddict69 said: I'd bet money you were using yahoo or hotmail. Get on the gmail bandwagon breh.
I have one gmail account.
Why u think gmail so great?
-------------------- Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ Ƹ̵̡Ӝ̵̨̄Ʒ (•_•) <) )~ ANTIFA / \ \(•_•) ( (> SUPER / \ (•_•) <) )> SOLDIERS / \
|
frith
God

Registered: 10/27/09
Posts: 7,512
Loc: Philadelphia, PA
|
Re: Email hacked, what do? [Re: Chespirito]
#15488776 - 12/08/11 10:28 PM (12 years, 1 month ago) |
|
|
Quote:
Chespirito said: Also, what if you want to log into your email from a random computer? How do you get access to the password?
jump drive. encrypt its filesystem if you're really paranoid.
--------------------
|
snoot
look alive ∞



Registered: 01/30/05
Posts: 9,640
Loc: 45º parallel
Last seen: 3 days, 2 hours
|
Re: Email hacked, what do? [Re: frith]
#15492745 - 12/09/11 08:15 PM (12 years, 1 month ago) |
|
|
If you have a credit card tied into any of the accounts you may be suspect of, I would inform your bank and let them know that it is possible that your account my be compromised, this way they can contact you right away if they are suspicious of any transaction in the future.
--------------------
∞ I am incapable of conceiving infinity, and yet I do not accept finity. - Simone de Beauvoir -
|
Magenta
I care!!



Registered: 06/14/09
Posts: 20,322
Loc: The land of plenty
Last seen: 2 months, 4 days
|
Re: Email hacked, what do? [Re: Robo]
#15528952 - 12/17/11 01:26 AM (12 years, 1 month ago) |
|
|
i agree with luvdemshrooms. I was stupid enough to click a link some chick sent to me from msn, and i'm sure she stole my cookies and hacked my hotmail that way, and changing my password solved it, as simple as that.
Quote:
reeferaddict69 said: i'd bet money you were using yahoo or hotmail. Get on the gmail bandwagon breh
I have several hotmail and one gmail. I'd be interested to know why you think gmail has an advantage. I am not a security expert and haven't looked into these two email services, but i'm sure you wouldn't share an opinion like that for no reason, and i'm interested in the situation.
--------------------
|
|