
[Q] Data breach Email



Hello,

Sorry for posting here, I don't know where I should post about this.

The story is that I created an account on GOG like 2/3 weeks ago. Bought a game that was cheap there; 1 day later I got an email that someone tried to access my account on GOG (the guy couldn't log in because I had protection on). I was 100% sure that this wasn't phishing. Did a search about it and had to change my password.
Then I wondered if my email/pw got leaked, so I checked haveibeenpwned and yes, my email and pw got "data breached". After doing a check on my email, someone also tried to log in to my email; he couldn't do it because of course I didn't use the same password on my email.

So I got a bit paranoid and did an AdwCleaner + Malwarebytes check on my PC and couldn't find anything. So I think I'm safe from anything such as a keylogger, right?
I know which password he used, so what I did was check if I used that pw on important websites/apps and I changed it. Just to mention, yes, I do have and use 2FA and SMS protection and such things on all websites/apps I use (if they have one). So it's kind of impossible for them to hack it. Unless they got into my IP address. But I doubt it because I don't search for risky stuff. My day is just YouTube, Twitch or gaming.

What I don't understand is, today the guy tried to access a website that I don't even remember I used, and I would like to know how they know I have an account there. Is it just a guessing game or do they have a list of it?

Is there a reason I should still be paranoid about it?
Like, I did change my passwords on the most important websites/apps, and did a malware scan and AdwCleaner.
Also, is there enough reason that I should change my mail?
I hope I can feel 100% sure and chill :')


  • Root Admin

Hello @Soort

I'm sure that they simply did a bit of searching mixed with common sites to try and test. Not all sites have 2FA setup.

Just remember that one should never use the same password for different sites. Never use these easy to sign in features such as sign in with Google or Facebook, etc. That is asking for trouble sooner or later. Use a Password Manager to manage your passwords.

 

Use Password Management software

Bitwarden
KeePass Password Safe

Make sure you use a strong master password
Then set the key transformation settings (the link below helps provide information on how to choose good settings)
https://pthree.org/2016/06/29/further-investigation-into-scrypt-and-argon2-password-hashing
KeePass Password Manager: Full Detailed Setup (good YouTube video on setting up and using KeePass, but choose the Argon2 method for key transformation)

Password Managers Compared: LastPass vs KeePass vs Dashlane vs 1Password

https://www.theregister.com/2021/02/25/lastpass_android_trackers_found/

 

 

If you like we can assist you in scanning your computer to make sure it's not infected and offer further advice. If you'd like to do so please let me know.

Cheers

 

  • Thanks 1

5 hours ago, Soort said:

Hello,

What I don't understand is, today the guy tried to access a website that I don't even remember I used, and I would like to know how they know I have an account there. Is it just a guessing game or do they have a list of it?

 

[edit] sorry, I didn't notice AdvancedSetup's reply

 

Hi,

Do you use a password manager?

I use Bitwarden (freeware, open source, multi-device and multi-language).

 

These people use some tool to log in with the credentials found, to access several sites at the same time.

You may want to read

https://www.troyhunt.com/password-reuse-credential-stuffing-and-another-1-billion-records-in-have-i-been-pwned/

Sorry for my English

I hope it helps

Edited by leofelix
  • Thanks 1

4 minutes ago, AdvancedSetup said:

If you like we can assist you in scanning your computer to make sure it's not infected and offer further advice. If you'd like to do so please let me know.

Good to know that they're just trying one by one. I did make a difficult password this time.
I definitely would like to do that. Before we start, how long does it take to scan? Because it's getting late here.
Cheers


@Soort

It sounds like you are on it.  You know to change your password and you visited https://haveibeenpwned.com/  and determined you were in a Breach.

Once your email address is known associated with your name, it is possible they could use that information to create an account somewhere under that information.

However the account would send email to your email address and the third party won't see it.  You will.  That is as long as the email Password has been changed.

This can be a confusing issue.  You seem to understand it all but, maybe, you are frustrated with it all.

  • Thanks 1

  • Root Admin

Please run the following steps and post back the logs as an attachment when ready.
Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.
Temporarily disable Microsoft SmartScreen to download software below if needed. Make sure to turn it back on once the scans are completed.
If you still have trouble downloading the software please click on Reveal Hidden Contents below for examples of how to allow the download.

 


 

When downloading with some browsers you may see a different style of screens that may block FRST from downloading. The program is safe and used hundreds of times a week by many users.

Example of Microsoft Edge blocking the download


 

 



STEP 01

  • If you already have Malwarebytes installed then open Malwarebytes and click on the Scan button. It will automatically check for updates and run a Threat Scan.
  • If you don't have Malwarebytes installed yet please download it from here and install it.
  • Once installed then open Malwarebytes and select Scan and let it run.
  • Once the scan is completed make sure you have it quarantine any detections it finds.
  • If no detections were found click on the Save results drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If there were detections then once the quarantine has completed click on the View report button, Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If the computer restarted to quarantine you can access the logs from the Detection History, then the History tab. Highlight the most recent scan and double-click to open it. Then click the Export drop-down, then the Export to TXT  button, and save the file as a Text file to your desktop or other location you can find and attach that log on your next reply.
  • If Malwarebytes won't run then please skip to the next step and let me know in your next reply that the scanner would not run.

STEP 02

Please download AdwCleaner by Malwarebytes and save the file to your Desktop.

  • Double-click to run the program
  • Accept the End User License Agreement.
  • Wait until the database is updated.
  • Click Scan Now.
  • When finished, if items are found please click Quarantine.
  • Your PC should reboot now if any items were found.
  • After reboot, a log file will be opened. Attach or Copy its content into your next reply.

RESTART THE COMPUTER Before running Step 3

STEP 03
Please download the Farbar Recovery Scan Tool and save it to your desktop.

Note: You need to run the version compatible with your system. You can check here if you're not sure if your computer is 32-bit or 64-bit

  • Double-click to run it. When the tool opens, click Yes to disclaimer.
  • Press the Scan button.
  • It will make a log (FRST.txt) in the same directory the tool is run. Please attach it to your reply.
  • The first time the tool is run, it also makes another log (Addition.txt). If you've run the tool before, you need to place a check mark here each time
  • Please attach the Addition.txt log to your reply as well.
  • On your next reply, you should be attaching FRST.txt and Addition.txt to your post, every time.

 

Thanks


1 hour ago, AdvancedSetup said:

Temporarily disable your antivirus or other security software first. Make sure to turn it back on once the scans are completed.

To be clear, did you mean this for step 3? Or also for steps 1 and 2?


A scan will be for objects; files on a hard disk, what's running in RAM and what keys may be set in the Registry.

Scanning a hard disk is slower than RAM or within the Registry.  That speed is reflected in the total number of objects scanned.

Edited by David H. Lipman
Edited for content, clarity, spelling and grammar
  • Thanks 1

On 2/27/2021 at 5:18 AM, AdvancedSetup said:

I have seen it happen for some users so not rare. As long as the logs look good and the objects scanned seem right.

@AdvancedSetup I would like to tell you that I didn't complete STEP 03 yet because it's unclear to me how to do it. You asked to disable Microsoft SmartScreen, which I don't know how to do. I tried to look it up but I couldn't find Microsoft SmartScreen listed in the registry. Also, do I have to disable Microsoft SmartScreen only for STEP 03 or also for STEP 01 and 02?
Because I used AdwCleaner and Malwarebytes without disabling anything.

@David H. Lipman Hello again, like you said, I started getting spam mails, also a mail that tells me I created an account somewhere. It looks like a fake one.
Is it worth keeping this email? Should I move my important accounts to a safe Gmail account?


I do not know what "this" email you refer to is and thus I can't determine whether you should keep it or not.  I can state that if you were part of a Breach it is imperative to have changed the password and use a Strong Password and/or use the @AdvancedSetup suggested Multi-factor Authentication.

 

 


4 minutes ago, David H. Lipman said:

I do not know what "this" email you refer to is and thus I can't determine whether you should keep it or not.  I can state that if you were part of a Breach it is imperative to have changed the password and use a Strong Password and/or use the @AdvancedSetup suggested Multi-factor Authentication.

 

 

If that's what needs to be done, I did make another strong password. I also have a phone, SMS, and authenticator app as MFA. Which means I shouldn't be worried about it. I understand it, thank you for your help.


  • Root Admin

If you can download FRST without disabling SmartScreen that's fine, please do. I only mention it because some users have trouble downloading with it enabled.

 

If needed here is an article

https://www.howtogeek.com/75356/how-to-turn-off-or-disable-the-smartscreen-filter-in-windows-8/

or this one

https://www.thewindowsclub.com/how-to-enable-or-disable-smartscreen-filter-in-internet-explorer-9

 

 

Edited by AdvancedSetup
updated information

9 hours ago, AdvancedSetup said:

You can post it here as an attachment or in a Private Message as an attachment. It typically only takes a few minutes to check most logs

 

I sent it to you in private.


This topic is now closed to further replies.