So..., I was Hacked...

A month ago someone hacked my credit card and stole money from me. Almost 1000 euros.
It's one of those new gen credit cards with NFC payment.
Fortunately I found out rather quickly.
Blocked the card, got a refund from the bank and a new card.

Happy ending ?

Not quite.

Now I discover that my Amazon account has been hacked !

Could it be related ?

I contacted Amazon right away, they told me someone changed my email address. Of course it wasn't me. I then received an email telling me that my Amazon account email was changed.

The new email is clearly a bot, and from Russia.

Amazon erased all my credit card data from this account, I hope that I reacted fast enough, the change took place at 19h00 local time and I noticed at roughly 20h00.

And now I am wondering, should I press the big button and reformat my PC ?

I did notice some time ago that Kaspersky found out that my version of CCleaner contained the famous trojan horse, I deleted it immediately after that.

But still, is it too late ?

If anyone among you has already dealt with such a situation your input would be much appreciated since I am a bit lost, and scared.

If I end up reformatting my PC, could someone please tell me how to proceed since I never had to do so before.

Much appreciated.

*I went to change my ED passwords*
 
Ow, that sucks.
I had my credit card data stolen once but my bank saved me. They called me in the middle of the night and told me that someone tried to use my credentials to pay in some hotel in New York, which triggered some kind of alarm, because several hours earlier I paid something with that credit card in Cardiff, so they stopped that transaction. I confirmed that I am still very much in Cardiff and they cancelled the card and sent me a new one.
I never found out from where the card info was leaked, though.

As for you, it may be the Amazon database they got your info from. In any case, yes, it's a good idea to change all accounts tied to that email and card and update the passwords.

If it's your PC that got hacked, you should be able to find the malware, somewhere. Try Kaspersky security suite, I think they have a free version. If you have Windows 10, the system reset is pretty straightforward, if you have W7, you'd need to reinstall the system from scratch.

It's a major pain in the back. You have my sympathies.
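The alarm described in the post above (a card used in Cardiff and then, hours later, in New York) is usually called an impossible-travel or geo-velocity check. A sketch of that check follows as an added example, not part of the original post and not any bank's actual logic; the transactions, coordinates and both thresholds are constructed assumptions.

```python
import math
from datetime import datetime

MAX_KMH = 900.0  # assumed ceiling, roughly airliner cruising speed
MIN_KM = 100.0   # assumed floor: ignore short hops where coarse geolocation is noise

# Constructed sample transactions (not real data); coordinates are approximate.
TRANSACTIONS = [
    {"card": "card-A", "time": "2024-01-10T18:30:00", "city": "Cardiff", "lat": 51.48, "lon": -3.18},
    {"card": "card-B", "time": "2024-01-10T09:00:00", "city": "Cardiff", "lat": 51.48, "lon": -3.18},
    {"card": "card-A", "time": "2024-01-10T21:30:00", "city": "New York", "lat": 40.71, "lon": -74.01},
    {"card": "card-B", "time": "2024-01-10T13:00:00", "city": "London", "lat": 51.51, "lon": -0.13},
]

def haversine_km(lat1, lon1, lat2, lon2):
    """Great-circle distance between two points, in kilometres."""
    p1, p2 = math.radians(lat1), math.radians(lat2)
    dlon = math.radians(lon2 - lon1)
    a = math.sin((p2 - p1) / 2) ** 2 + math.cos(p1) * math.cos(p2) * math.sin(dlon / 2) ** 2
    return 2 * 6371.0 * math.asin(math.sqrt(a))

def impossible_travel(transactions, max_kmh=MAX_KMH, min_km=MIN_KM):
    """Flag consecutive uses of one card that imply travel faster than max_kmh."""
    alerts, last_seen = [], {}
    # ISO-8601 strings in one format sort chronologically.
    for tx in sorted(transactions, key=lambda t: t["time"]):
        prev = last_seen.get(tx["card"])
        last_seen[tx["card"]] = tx
        if prev is None:
            continue
        km = haversine_km(prev["lat"], prev["lon"], tx["lat"], tx["lon"])
        if km < min_km:
            continue
        delta = datetime.fromisoformat(tx["time"]) - datetime.fromisoformat(prev["time"])
        hours = delta.total_seconds() / 3600
        # Two distant uses at the same instant count as infinitely fast.
        kmh = km / hours if hours > 0 else math.inf
        if kmh > max_kmh:
            alerts.append({"card": tx["card"], "from": prev["city"],
                           "to": tx["city"], "km": round(km), "kmh": kmh})
    return alerts

if __name__ == "__main__":
    for alert in impossible_travel(TRANSACTIONS):
        print(alert)
```

A check like this only applies to card-present payments; online purchases carry no reliable location for the cardholder.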
 
Thanks, the malware was found, it was CCleaner.
Kaspersky deleted the malware, and I deleted CCleaner after that.

Tho I'm still not sure if it was via the pirated CCleaner that I got hacked.

How do I do a Win 10 reset ?

PS, I changed AAAALLLLL my passwords, except those from YouTube since Google doesn't let me.

I changed STEAM, ED forums, ED store, Paypal and Origin. Wanted to change YouTube but to no avail, not that I have my credit card or anything, but you know better safe than sorry.
 
I don't think it is related to the CCleaner trojan, at least not from your end. From what I remember that was almost specifically aimed at a number of businesses rather than being a keylogger for home users.

I also don't think the 2 are related because of the time frame between them, typically anyone engaged in CC theft/fraud will use them asap because it's more likely that after the 1st case is spotted people will change their passwords/be on high alert etc.

Is it possible that your details/passwords were obtained from one of the many large sites that were hacked this year? I don't know what sort of strength passwords you use but perhaps look into beefing them up a bit, maybe consider getting a credit card that you can preload and using that for your online purchases only.
 

Minonian

Banned
Remove Kaspersky ASAP. Typical Russian viral campaign tactics to get your accounts. Then turn into campaign bots, and Kaspersky used by the Russian secret services.

About YouTube? You must change the whole Google / Gmail acc for that.
 
I'll do that, I already contacted my bank.

As for my passwords, I use a combination of letters and numbers with caps and minuscules.

In order to memorise them better I often choose names or words, and change them in 1337. ( historical figures, places, numbers and letters in other languages, like Omicron )

And because I have so many of them and so different, I note them all in a little notebook ( physical that one ) that I keep safe at home.

I believe that my credit card hack via FSD is what instigated all, but how the hell did they get my email and password for Amazon is beyond me.
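Password-strength checkers commonly undo 1337 substitutions before the dictionary lookup, so a name or word written that way is scored as the underlying word. The following is an added example of that normalisation, not part of any post in this thread; the substitution table, the word list and the sample passwords are constructed assumptions.

```python
import itertools

# Constructed substitution table; "1" is ambiguous, so both readings are tried.
SUBS = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t", "@": "a", "$": "s"}

# Constructed stand-in for a real dictionary of names, places and common words.
WORDLIST = {"omicron", "napoleon", "cardiff", "password"}

def deleet_variants(text, max_ambiguous=8):
    """Return every plain-letter reading of a leetspeak string."""
    text = text.lower()
    if sum(len(SUBS.get(ch, ch)) > 1 for ch in text) > max_ambiguous:
        return set()  # keep the variant count bounded on adversarial input
    options = [SUBS.get(ch, ch) for ch in text]
    return {"".join(combo) for combo in itertools.product(*options)}

def base_word(password, wordlist=WORDLIST):
    """Return the dictionary word a password reduces to, or None."""
    core = password.strip("!?.*#_-")  # symbols padded onto either end
    # Also try the password without a number appended to the end.
    for candidate in (core, core.rstrip("0123456789")):
        for variant in deleet_variants(candidate):
            if variant in wordlist:
                return variant
    return None

if __name__ == "__main__":
    for pw in ("0m1cr0n", "N4p0l30n1815!", "Tr7$kw-93xQ"):
        print(pw, "->", base_word(pw))
```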
 

I highly recommend KeePass as an encrypted password store over your little black book. If you need to share it between devices, put the file in Dropbox.
 
The whole point of the book is avoiding to put them anywhere accessible through a PC.

It's like putting a box inside another box isn't it ?

Edit : I erased all my cookies and passwords through Firefox and Opera.
 
I use a password system that I keep in plain text files on my PC :) All entries in the file have 90% of the password / username / email address missing so they'd be pretty useless if someone was to access it but they give me enough information that I can easily remember it.
I don't like the idea of relying on a 3rd party for my passwords especially if they're totally random so I like to use a tiered system with different salts for each tier, I then combine a site identifier with the salt so that I have a memorable password for each site.
 
Don't just reset, keyloggers can get reactivated. Start by using a different PC and change all passwords of all important accounts immediately. Don't access anything from the infected PC until it is clear.
 

Minonian

Banned
Same system in there with the addition of some totally random symbols. And the password comes from one of my books: I just randomly pick up one out of the many 100, then open it up, and the first longer word is going to be the leeted password. No amount of social engineering is going to help out a hacker in there, they cannot find it out by knowing my birth date, cat / dog name or anything alike. And they can forget about dictionary hacking too, what remains is brute force hacking with an awfully long password, which uses up all accessible symbols and letters. And since I am also changing the most important ones time after time?

How do I store my password? Old Micro SD card hidden somewhere. A crack in the floor will do, so good luck with finding it. :D
 
Wait, keyloggers etc can reactivate after a clean install and hdd reformat? Is that really possible? Or do you mean a different kind of reset? *worriedface*
 

Minonian

Banned
Correct. You need to do a low level reformatting which cleans out everything including closed down and invisible sectors on your disk. Preferably from a CD or DVD ROM (so it can't infect the disk) which was created on a clean machine, and did / supplemented by a rootkit cleaner boot disk. (more is preferred)
 
The whole point of the book is avoiding to put them anywhere accessible through a PC.

Exactly. The whole origin of the problem is the 'online' part, and when you have a breach like this you must assume ALL your online data is compromised.

At least with your little 'black book' of passwords, it will require an actual physical (as long as you keep it out of view of any webcams you might have!) break-in of your place to get at. For what it is worth I rank that system a whole level over any online solution for password management.

If it's online, it's accessible by hackers, I don't care what level of protection you think you might have. In this age of data-gathering and state level hacking, and tools from those available on the black market, nothing online is 100% safe.

One other thing you might consider, you can ask your bank to set a limit on how much cash can be used by your cards online. It might be prudent for a while as you monitor your situation to set a limit for that.

I do it as a default thing, mine is set at lower than the credit card default limit, but high enough for general usage (for me). IF I need to make a bigger purchase online (and I try to avoid that) I can call the bank and make an arrangement etc.

--------------

I would also visit bleepingcomputers and have a go at some of their most popular tools to scan for 'bad things':

https://www.bleepingcomputer.com/

They have forums to ask questions and get more info if you need to.
 
Wait, keyloggers etc can reactivate after a clean install and hdd reformat? Is that really possible? Or do you mean a different kind of reset? *worriedface*

Most run-of-the-mill keyloggers and such aren't that sophisticated, but yeah, definitely. Stuff like infecting the BIOS or the firmware of external hardware. Fun stuff. :D On a brighter note, while getting rid of such stuff is not trivial, basic security should pick up that something is still wrong. Also, it is easy to write stuff that works on all computers with a specific OS. It is AFAIK impossible to make stuff hide in the BIOS and such without specifically targeting a small range of hardware. Usually hackers just want as many cc data as possible, it's not worth it to write a version just for you. :p
 

Minonian

Banned
That's the other thing. If something like this happens and your machine does not become clean?

Then do the whole process again, starting with low level format, adding up with all sorts of firmware and BIOS flashing, and even after that? You can't be sure, and even less sure how long that nasty infection slept before waking up, so? Start a check of all external data devices including written DVDs.

Had this sort of nasty infection not just once. Multiple virus busters and anti-rootkit cleaners are sometimes just the start.
 
Same thing happened to me, Amazon account got hacked, due to my email address being compromised, I think that same Russian email address replaced mine too, I immediately cancelled all credit cards on my account and haven't lost anything it seems.
 