Author Topic: WARNING about Account Hijacking  (Read 8891 times)


Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39262
  • Country: au
    • EEVblog
WARNING about Account Hijacking
« on: May 01, 2024, 12:06:39 am »
WARNING: We have had a huge uptick in the number of hijacked accounts on the forum.
Security on the forum has NOT been compromised, it's because spammers have gotten a stolen credentials list, and people reuse passwords.
Please DON'T REUSE PASSWORDS, and change your password if you think you have been compromised.
And if you get an email that someone has tried to log into your forum account, it means your details have been compromised elsewhere and other accounts you have on other sites are at risk.

This has been mostly happening to older accounts that don't often get used, but an automated script we now have in place to detect this is showing up to 4 accounts per day being compromised, hence the recent uptick in spam necroposting from established accounts.
 
The following users thanked this post: PeterG, thm_w, Kean, Addicted2AnalogTek, Nominal Animal, Martin72, andy3055, mendip_discovery
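
The pattern described in the post above (a long-unused account logs in, then necroposts) can be expressed as a simple correlation rule. This is an added example, not the forum's actual detection script, which the post does not describe; the thresholds, event format, user names and IP addresses are all constructed assumptions.

```python
from datetime import datetime, timedelta

DORMANT = timedelta(days=365)  # assumption: account unused for over a year
NECRO = timedelta(days=365)    # assumption: thread idle for over a year

# Constructed prior state: user -> (last login, IPs seen before)
HISTORY = {
    "olduser": (datetime(2019, 3, 2), {"198.51.100.7"}),
    "regular": (datetime(2024, 4, 29), {"203.0.113.20"}),
    "returner": (datetime(2020, 1, 5), {"192.0.2.44"}),
}

# Constructed events: (time, user, kind, detail)
# login detail = source IP; post detail = date of the thread's previous reply
EVENTS = [
    ("2024-05-01T02:10:00", "olduser", "login", "203.0.113.99"),
    ("2024-05-01T02:11:00", "olduser", "post", "2016-07-14"),
    ("2024-05-01T08:00:00", "regular", "login", "203.0.113.21"),
    ("2024-05-01T08:05:00", "regular", "post", "2015-01-01"),
    ("2024-05-01T09:00:00", "returner", "login", "192.0.2.44"),
    ("2024-05-01T09:30:00", "returner", "post", "2017-02-02"),
]

def hijack_candidates(history, events):
    """Return {user: [reasons]} for accounts showing both signals:
    a dormant account logging in from an unseen IP, then necroposting."""
    history = dict(history)   # work on a copy, leave caller's state alone
    suspect = {}              # user -> reason recorded at login time
    flagged = {}
    for ts, user, kind, detail in events:
        now = datetime.fromisoformat(ts)
        last_seen, known_ips = history.get(user, (now, set()))
        if kind == "login":
            idle = now - last_seen
            if idle > DORMANT and detail not in known_ips:
                suspect[user] = f"dormant {idle.days}d, new IP {detail}"
            else:
                suspect.pop(user, None)
            history[user] = (now, known_ips | {detail})
        elif kind == "post" and user in suspect:
            thread_idle = now - datetime.fromisoformat(detail)
            if thread_idle > NECRO:
                flagged.setdefault(user, []).append(suspect[user])
                flagged[user].append(f"necropost, thread idle {thread_idle.days}d")
    return flagged

if __name__ == "__main__":
    print(hijack_candidates(HISTORY, EVENTS))
```

Requiring both signals keeps a genuine returning member on a known IP, or an active member replying to an old thread, out of the review queue.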

Offline strawberry

  • Super Contributor
  • ***
  • !
  • Posts: 1199
  • Country: lv
Re: WARNING about Account Hijacking
« Reply #1 on: May 01, 2024, 09:17:16 pm »
ahoy
I am here, shall me show who are made of wood or steel
I am here, if they have got guts even to try
 

Offline Kean

  • Supporter
  • ****
  • Posts: 2544
  • Country: au
  • Embedded systems & IT consultant
    • Kean Electronics
Re: WARNING about Account Hijacking
« Reply #2 on: May 04, 2024, 12:55:09 pm »
Probably made easier due to the publicly available member list which they can try cross-referencing against user names or partial email addresses with leaked credentials from other sites.
A pain in the rear, but it is what it is and part of the process these days of putting almost anything on the Internet.
 

Offline schwaggins

  • Contributor
  • Posts: 14
  • Country: au
Re: WARNING about Account Hijacking
« Reply #3 on: August 22, 2024, 11:00:27 pm »
Thanks for unfreezing my account, all my Chrome data got stolen then reposted on some dark web forum. 541 compromised passwords is not fun to deal with
 
The following users thanked this post: EEVblog

Offline radiolistener

  • Super Contributor
  • ***
  • Posts: 4171
  • Country: 00
Re: WARNING about Account Hijacking
« Reply #4 on: August 28, 2024, 03:08:18 pm »
all my Chrome data got stolen then reposted on some dark web forum

How does it happen?
 

Offline Kean

  • Supporter
  • ****
  • Posts: 2544
  • Country: au
  • Embedded systems & IT consultant
    • Kean Electronics
Re: WARNING about Account Hijacking
« Reply #5 on: August 28, 2024, 03:14:23 pm »
all my Chrome data got stolen then reposted on some dark web forum

How does it happen?

Usually via malware
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 8321
  • Country: de
  • A qualified hobbyist ;)
Re: WARNING about Account Hijacking
« Reply #6 on: August 28, 2024, 03:41:51 pm »
For example: Qilin ransomware caught stealing credentials stored in Google Chrome (https://news.sophos.com/en-us/2024/08/22/qilin-ransomware-caught-stealing-credentials-stored-in-google-chrome/)
 

Offline Halcyon

  • Global Moderator
  • *****
  • Posts: 6166
  • Country: au
Re: WARNING about Account Hijacking
« Reply #7 on: January 10, 2025, 12:56:19 am »
Thanks for unfreezing my account, all my Chrome data got stolen then reposted on some dark web forum. 541 compromised passwords is not fun to deal with

In my profession, over the past 6 months or so, we've seen a significant up-tick of credential stealers or threat actors getting access to saved passwords in browsers or Google Password Manager. Usually as a result of malware (not always detected by antivirus/EDR tools) and via phishing emails/fake login websites.

Do yourself a favour and use a dedicated password manager, such as Bitwarden (my preferred option), LastPass, or 1Password. There are many others out there. Use phishing-resistant MFA methods (like YubiKeys) where possible, and never recycle passwords or base your passwords off a common pattern (e.g.: Bob123!, Bob234# etc...)
« Last Edit: January 10, 2025, 12:58:44 am by Halcyon »
 
The following users thanked this post: EEVblog, thm_w, andy3055

Offline johnh

  • Regular Contributor
  • *
  • Posts: 226
  • Country: au
Re: WARNING about Account Hijacking
« Reply #8 on: January 10, 2025, 06:26:07 am »
I use Password Safe. They have Windows/Linux versions. Someone has ported it to Android.

The reason I like it is that you can copy the password without displaying the password on the screen.

It supports YubiKey as well.

https://pwsafe.org/
 

Offline EEVblogTopic starter

  • Administrator
  • *****
  • Posts: 39262
  • Country: au
    • EEVblog
Re: WARNING about Account Hijacking
« Reply #9 on: January 10, 2025, 10:23:32 am »
Probably made easier due to the publicly available member list which they can try cross-referencing against user names or partial email addresses with leaked credentials from other sites.
A pain in the rear, but it is what it is and part of the process these days of putting almost anything on the Internet.

I assume that when they steal your email and passwords from your computer they also steal your history of site logins?
That seems the obvious way so many spammers with stolen databases can find and access this otherwise obscure forum.
 

Offline Kean

  • Supporter
  • ****
  • Posts: 2544
  • Country: au
  • Embedded systems & IT consultant
    • Kean Electronics
Re: WARNING about Account Hijacking
« Reply #10 on: January 11, 2025, 04:40:29 am »
Probably made easier due to the publicly available member list which they can try cross-referencing against user names or partial email addresses with leaked credentials from other sites.
A pain in the rear, but it is what it is and part of the process these days of putting almost anything on the Internet.

I assume that when they steal your email and passwords from your computer they also steal your history of site logins?
That seems the obvious way so many spammers with stolen databases can find and access this otherwise obscure forum.

Depends on whether the password is stolen from your PC via malware in which case grabbing that extra info is certainly possible, or it leaked from a website breach using poor encryption (where they wouldn't have access to any of your other browser history).
 

Offline coromonadalix

  • Super Contributor
  • ***
  • Posts: 7113
  • Country: ca
Re: WARNING about Account Hijacking
« Reply #11 on: January 11, 2025, 05:12:59 am »
Yeah, happened to me, a malware payload grabbed every password stored in the web browsers. Man, I had to rush changing all the precious ones, bank, and install Microsoft Authenticator.

When I saw the computer going strange, I killed it and used a plan B computer. All my passwords were stored in an Excel file on a USB key next to the B computer, just in case.

And once in a while it pops many requests around the world  |O
« Last Edit: January 11, 2025, 05:15:06 am by coromonadalix »
 

Offline Karel

  • Super Contributor
  • ***
  • Posts: 2279
  • Country: 00
Re: WARNING about Account Hijacking
« Reply #12 on: January 11, 2025, 08:35:33 am »
Let me guess, you used a Windows PC to access the internet and/or you installed software from an unreliable source...  :palm:

edit:
If you insist on using the most used desktop OS and the most used internet browser, don't be surprised that you are in the crosshairs of malware writers.
« Last Edit: January 11, 2025, 08:37:58 am by Karel »
 

Offline madires

  • Super Contributor
  • ***
  • Posts: 8321
  • Country: de
  • A qualified hobbyist ;)
Re: WARNING about Account Hijacking
« Reply #13 on: January 11, 2025, 11:20:58 am »
I assume that when they steal your email and passwords from your computer they also steal your history of site logins?
That seems the obvious way so many spammers with stolen databases can find and access this otherwise obscure forum.

A common practice of cyber criminals is to copy browser cookies, which are often used as keys by websites. The convenience of cookie-based authentication instead of the normal login procedure with credentials makes that kind of attack simple. It's even done for session cookies with a short lifespan.
 

