I have been hacked!

[tsavvy]

This is what happened:
I received an email from bitfinex.com.saying I was acessing my account. When I went to gmail to check it out the email suddenly disappeared.

I went to check my google activity and there it was:. An IP that originated from Zurich accessed my Google, Poloniex, Blockchain.com, Bitfinex and Huobi accounts.

Who knows what else is out there now?

Luckily I updated most of my passwords and immediately activated 2 factor authentication on Google Authenticator for most of my online accounts and sms for the remaining that doesnt support GA.

 

[biometrics]

This is what happened:
I received an email from bitfinex.com.saying I was acessing my account. When I went to gmail to check it out the email suddenly disappeared.

I went to check my google activity and there it was:. An IP that originated from Zurich accessed my Google, Poloniex, Blockchain.com, Bitfinex and Huobi accounts.

Who knows what else is out there now?

Luckily I updated most of my passwords and immediately activated 2 factor authentication on Google Authenticator for most of my online accounts and sms for the remaining that doesnt support GA.

Hope you didn't click on any links ...

 

[Bryn]

This is what happened:
I received an email from bitfinex.com.saying I was acessing my account. When I went to gmail to check it out the email suddenly disappeared.

I went to check my google activity and there it was:. An IP that originated from Zurich accessed my Google, Poloniex, Blockchain.com, Bitfinex and Huobi accounts.

Who knows what else is out there now?

Luckily I updated most of my passwords and immediately activated 2 factor authentication on Google Authenticator for most of my online accounts and sms for the remaining that doesnt support GA.

Were you using a password manager before this?

If not, get with the times and use LastPass. And order a YubiKey 4 too while you're at it. It's an NFC-enabled USB key with a button that provides awesomely secure authentication for desktop, laptop and mobile. It's so good that every Google employee is required to use one.

 

[crackersa]

Were you using a password manager before this?

If not, get with the times and use LastPass. And order a YubiKey 4 too while you're at it. It's an NFC-enabled USB key with a button that provides awesomely secure authentication for desktop, laptop and mobile. It's so good that every Google employee is required to use one.

My company gave us a yubi key and still waiting on the instructions on how to use it.

 

[biometrics]

My company gave us a yubi key and still waiting on the instructions on how to use it.

I'd be shooting up a school if I was you. Not acceptable!

 

[Bryn]

My company gave us a yubi key and still waiting on the instructions on how to use it.

Just go to YubiKey's website and find the documentation for your particular device. I have to assume it's explained adequately.

I have a YubiKey 4 coming in the mail thanks to subscribing recently to a year of WIRED for $10. It's a pretty good quality site, but I did it for the key. How they make money giving me digital access, a monthly print edition delivered to my door and a YubiKey 4 for $40 ($30 annual delivery fee for international customers) is a mystery.

 

[itareanlnotani]

Just go to YubiKey's website and find the documentation for your particular device. I have to assume it's explained adequately.

I have a YubiKey 4 coming in the mail thanks to subscribing recently to a year of WIRED for $10. It's a pretty good quality site, but I did it for the key. How they make money giving me digital access, a monthly print edition delivered to my door and a YubiKey 4 for $40 ($30 annual delivery fee for international customers) is a mystery.

Nice, have just subscribed, thats very reasonable for a sub to wired. Now hopefully I'll actually receive them. Last sub I had to something I got maybe 1 in 4...

 

[crackersa]

Just go to YubiKey's website and find the documentation for your particular device. I have to assume it's explained adequately.

I have a YubiKey 4 coming in the mail thanks to subscribing recently to a year of WIRED for $10. It's a pretty good quality site, but I did it for the key. How they make money giving me digital access, a monthly print edition delivered to my door and a YubiKey 4 for $40 ($30 annual delivery fee for international customers) is a mystery.

Good idea.

Things work like that here in the US. I did a promo for Directv now where I had to sign up for 3 months ($35/mo) and got a free Apple TV 4K ($179 value). My 3 months is up and I’m thinking about doing the promo again, will just use my work email

 

[AstroTurf]

2 factor authentication not on?

 

[EasyUp Web Hosting]

2 factor authentication not on?

Yeah, starting to think his username "tsavvy" isn't short for "techsavvy".

 

[Jet-Fighter7700]

2 factor authentication not on?

that, as wewll as signing up to breachalarm and haveIbeenpned help quite a bit,

been hacked numerous times, got the warning in time and changed the passwords to prevent anything being hacked.
but yes, authy and breachalarm have been good to me,

do have an interesting question for you guys,
is it possible to import all my saved logins from firefox password manager into lastpass or dashlane?

as that would sure help instead of creating everything from scratch.

 

[backstreetboy]

Just go to YubiKey's website and find the documentation for your particular device. I have to assume it's explained adequately.

I have a YubiKey 4 coming in the mail thanks to subscribing recently to a year of WIRED for $10. It's a pretty good quality site, but I did it for the key. How they make money giving me digital access, a monthly print edition delivered to my door and a YubiKey 4 for $40 ($30 annual delivery fee for international customers) is a mystery.

Thanks. Maybe I'll buy two and send it to a US forwarding address. Don't want SAPO to take it.

 

[SauRoNZA]

Classic case of using the same password on everything.

2FA on your Google Account was a good start. Now start using Google Passwords to generate random passwords for each and every one of your online accounts instead of manual (and the same) password you are currently using.

You can look them up on passwords.google.com when you need to and that page itself will be protected by your 2FA.

Go make sure none of the compromised accounts had API access enabled.

***

Also change your username....because it's inaccurate.

 

[airborne]

Hope you didn't click on any links ...

What actually happened to the op, even clicking on a link that may install malware isn't going to instantly expose account details for online accounts?

If the op followed a link and typed in log in info on a phishing site that's different but that didn't happen?

 

[gregmcc]

I have a YubiKey 4 coming in the mail thanks to subscribing recently to a year of WIRED for $10. It's a pretty good quality site, but I did it for the key.

Thanks. Post of the day!

That's a sweet deal. Just subscribed as well. Even If I dont read the magazine its a Yubikey fort $10! Been wanting to get one for a while.

 

[The_Librarian]

Had 2FA on my googly stuff enabled three years ago.

Better that way.

 

[envo]

Why didn't you have 2FA on gmail and all of the other exchanges on as a default? Why do people still ignore it? especially considering the obvious crypto in those wallets? Would you leave your online banking open like that too? ignoring their constant pleas and harassment to enable 2FA?