Was I hacked?

marklcfc

Gold Level Poster
I wasn't sure where to post this but since the 13th I've been having problems.

Firstly, I run a website that uses Amazon SES to deliver emails upon registration, notifications, that kind of thing. On average I sent 100-150 emails a day. I received a warning yesterday that my Amazon SES account was locked due to 411,000 emails being sent since the 13th. I can't understand how that can happen. I've asked Amazon to provide details of those emails but have yet to be given an example. I've had no failure to deliver emails either, or complaints. I'm at a loss as to what's gone on.

Second, my Spotify account was being used by someone else from the 16th. I logged in and there were 70 playlists, 100's of liked songs of someone else. They were also using it because my recently played was constantly updating with new things even after removing them. I had to contact Spotify to delete my account and create a new one.

Thirdly, I received a notification that my Facebook account was attempted to get into last night. Admittedly, Spotify and Facebook had the same password. But the Amazon login used a different email and a password that couldn't be known unless it was written down in front of you.

I did store these passwords on a text file on my computer, so I could have different passwords and look what they were for reference. But I also saved them into Chrome as well when it says 'remember this password'.

I've spent all night changing passwords for everything I can think of and reinstalling Windows from scratch. I don't know how this has happened though to prevent it again.
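
One way to see when sending volume left the 100-150 a day baseline described above is to total the account's own SES sending statistics per day. This is an added example, not part of the original post: the input follows the shape of `aws ses get-send-statistics` output, the sample data is constructed, and the `factor` threshold is an assumption.

```python
import json
from collections import defaultdict
from datetime import datetime

# Constructed sample in the shape of `aws ses get-send-statistics` output.
# Each data point covers 15 minutes; dates and counts are invented.
SAMPLE = json.loads("""{"SendDataPoints": [
 {"Timestamp": "2000-01-12T09:00:00Z", "DeliveryAttempts": 40, "Bounces": 0, "Complaints": 0, "Rejects": 0},
 {"Timestamp": "2000-01-12T18:15:00Z", "DeliveryAttempts": 70, "Bounces": 1, "Complaints": 0, "Rejects": 0},
 {"Timestamp": "2000-01-13T08:00:00Z", "DeliveryAttempts": 30, "Bounces": 0, "Complaints": 0, "Rejects": 0},
 {"Timestamp": "2000-01-13T22:00:00Z", "DeliveryAttempts": 9000, "Bounces": 0, "Complaints": 0, "Rejects": 0},
 {"Timestamp": "2000-01-13T22:15:00Z", "DeliveryAttempts": 9500, "Bounces": 0, "Complaints": 0, "Rejects": 0},
 {"Timestamp": "2000-01-14T00:00:00Z", "DeliveryAttempts": 12000, "Bounces": 0, "Complaints": 0, "Rejects": 0}
]}""")

def _when(point):
    # The CLI prints either a trailing "Z" or "+00:00" depending on version.
    return datetime.fromisoformat(point["Timestamp"].replace("Z", "+00:00"))

def daily_attempts(stats):
    """Sum the 15-minute DeliveryAttempts counters into per-day totals."""
    totals = defaultdict(int)
    for point in stats["SendDataPoints"]:
        totals[_when(point).date().isoformat()] += point["DeliveryAttempts"]
    return dict(sorted(totals.items()))

def flag_days(totals, normal_daily_max=150, factor=3):
    """Days whose volume exceeds `factor` times the normal daily maximum."""
    return [day for day, n in totals.items() if n > normal_daily_max * factor]

def first_abnormal_interval(stats, normal_daily_max=150):
    """Earliest 15-minute window that alone exceeds a normal day's volume."""
    hits = [_when(p) for p in stats["SendDataPoints"]
            if p["DeliveryAttempts"] > normal_daily_max]
    return min(hits).isoformat() if hits else None

if __name__ == "__main__":
    totals = daily_attempts(SAMPLE)
    print(totals, flag_days(totals), first_abnormal_interval(SAMPLE))
```

The first abnormal interval gives a time window to compare against when the SES sending credentials were last used or rotated.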
 

SpyderTracks

We love you Ukraine
First thing to do is a full scan including rootkits with Malwarebytes. Sounds like your system has been compromised and either a keylogger, or if you store your passwords in the browser, sounds like that's been compromised. I would run a scan rather than instantly reinstalling to determine if that is the source of the compromise so you know how to proceed. There's no point changing your passwords on that system if it is compromised as the new ones will be transmitted to the receiver.

This is why it's never a good idea to store passwords on the system itself: if it is compromised in any way, all those stored details or typed details are transmitted to the receiver.

Always use a decent encrypted password manager like LastPass or something.

If your passwords are shared amongst different sites, it's possible it was just brute forced and they gained access to other sites using the same password, but that would be unlikely unless they had access to emails or something that told them which sites to try.

What method did you use to reinstall Windows?
 

SpyderTracks

We love you Ukraine
The other area to be wary of is your mobile, is it Android? If so that's at a much higher chance of being compromised than iOS, do you have antivirus installed on it? A lot of people think you don't need antivirus on a phone, you absolutely do.

Is the OS up to date on the mobile? If it's not, that will likely leave avenues that can be exploited.

If you're not certain the compromised kit was the PC, then absolutely reinstall the mobile also just to be safe.
 

ubuysa

The BSOD Doctor
That rather does sound like you've been hacked in some way. That's too many issues to just be a glitch.

Reinstalling Windows and changing passwords is the way to go, but don't change the passwords until you've reinstalled Windows.

The way you've been storing passwords in the past is open to abuse. You need a password manager, I use one called KeePass which makes it easy to log in but stores the passwords in an encrypted file.

I would strongly advise a password manager and avoid storing passwords anywhere else - including saving passwords in browsers.

Set up two factor authentication using your phone for all logins that support it.

KeePass can be had from https://keepass.info/
 

marklcfc

Gold Level Poster
The first thing I did yesterday before changing all my passwords was download Malwarebytes and run that but it found nothing. It's found two completely different email/password combinations which is the most concerning, not just one.

I have a USB with Windows 10 on so I just wiped the whole C drive and installed a fresh copy. I then changed all the passwords, which are now currently stored on my phone (iOS) and not my computer or browser presently. I've heard about LastPass so I suppose I could try that instead though.

Like I said though, there were two completely different passwords, one I used regularly for Facebook and Spotify, and one for Amazon, a random letter one that couldn't be worked out (also a different email for that).
 

marklcfc

Gold Level Poster
Is LastPass free to use?

Also don't understand how the hacking is possible though, it never happened on my previous computer and that was using older software.
 

Gavras

Master Poster
As above, it looks like pretty much everything has been compromised.

Does anyone else have access to your PC and your password list?

If you have been using Chrome, then be aware it has been updated pretty much continuously for the last few weeks due to various exploits and vulnerabilities.

LastPass and 2FA need to be where you end up once you have a confirmed clean system.

You also need to confirm that your Windows account has not been compromised and set up 2FA on it.

As above: clean first, fresh install, then slowly update and change passwords.

Long passwords rather than short complex.

A minimum of 12 characters is the best habit to get into.
 

marklcfc

Gold Level Poster
No one has access to it.

I have used Chrome for a long time and it's connected to my Gmail account which syncs bookmarks etc. I have since changed my Gmail password along with everything else.

Where is the Windows account information, is that just Microsoft?
 

marklcfc

Gold Level Poster
I've been on my Microsoft account and there was an attempt on 1st November to get into that, from the same IP that tried to get into my Facebook last night (located in Buffalo, USA). It was an incorrect password that time on the 1st though.
 

Gavras

Master Poster
Have you 2FA on for your Gmail?

Gmail is fairly common as being hacked.



Windows, yes Microsoft, it’s your main account.

It should also show information of where access was attempted from.

Again 2FA and long password, just because long does not make it hard to remember.

MyCat$name1sMarm!te
 

TonyCarter

VALUED CONTRIBUTOR
But don't you just hate it when a website only allows you 8 characters of alpha-numeric characters and you're trying to put in a # / ¡ / § / etc.

Some won't even accept my credit card (nor my old email address) unless I remove the hyphen in the surname.
 

SpyderTracks

We love you Ukraine
It’s an iPhone 8 on latest iOS, I have cleared Safari and all passwords on that

Reddit was one password I hadn’t got round to changing
I would reinstall the phone also just to be sure.

Also enable 2FA on everything and don’t use text for 2FA, use an app manager like Microsoft Authenticator, works with any account.
 