Home Forums I think i’m getting hacked. What do I do ?

This topic contains 1 reply, has 2 voices, and was last updated by  GT3CH1 1 month, 3 weeks ago.

  • Author
  • #415806


    I’m not someone that checks on my emails as often so I didn’t notice it , but when i opened it today , I realised someone has been trying to get on my steam account but kept failing . So i paid not much attention.

    But after like 30 mins , i kept getting spammed on my email , saying that someone has requested to change my Epic games account password and for some reason , they succeeded in changing it everytime. So i changed the password and added a 2fa to it and also changed the password on my email.

    Then it was all silent for a few hours , but now i’m getting even more mails from Steam saying they have a message for me , Postmates email of me signing up an account and now Uber .


    edit: YOOOO MY MAILS ARE GETTING DELETED RIGHT INFRONT OF ME . The hacker is SOMEHOW in my email wtf what do i do

  • #415807


    Add 2fa to your email too?

  • #415808


    And alas , A message from the hacker .

    “I’ll leave you alone now , i got what i need” and followed by “Anyways fuck you , I’m going to sell your info now . Quick bucks!!” and then deleted all of it.

    After nearly 3 hours of changing passwords , I guess i still lost . I lost my twitter account , spotify account and instagram account . When i had 2fa enabled on twitter and instagram. Just goes to show how useless it is i guess.

    I guess all i can do now is just change my bank information

  • #415809


    Update: Guy is STILL trying . He STILL has access to my mails as he is literally finding every single thing he can hack . Now he’s trying to hack into my cryptowallet and mining profile(nicehash) when there’s literally nothing inside.

  • #415810


    Yeah someone tried to get into my Steam last week. But I have 2 factor on. So I just logged in and changed my password just incase.

  • #415811


    That’s one of my worse fears! Never had anyone get that far, but changes a bunch of passwords recently because someone was trying to get into my accounts

  • #415812


    Are u sure the emails are real and no spoofed? It’s pretty common send you those messages so you think they got you, and when you change your password because you believed they change it and now they know about it.
    I would said, don’t use that pc. Change your password in another clean laptop and re register MFA in a clean phone. That’s all. Don’t click on any link in a email, use the browser instead

  • #415813


    Get a new phone number – new physical sim, new physical phone. Reset your email & any other admin accounts (like email, Apple if you use the iOS ecosystem) from the new device.

    Then, prioritize high value accounts: banking, 401k, stock trading – anything that directly ties to payment availability. Use a password manager to randomly generate passwords greater than 24 characters completely randomized. Keep going until you change every single password you have. Godspeed.

  • #415814


    Jesus christ , i just checked the devices attached to my email and there are 12 devices attached that i have no idea who or what are , weirdly enough , 6 of them were xbox one s’s

  • #415815


    Greaaaaaaat , now the guy is trying to get in my Paypal which i’ve already removed my card . Getting spammed by SMS’s for the verification code

  • #415816


    Hacker got my twitter account . Went in , changed my password twice so i got locked out . Then changed my email so i can no longer access it . Greatttt

  • #415817


    Unplug your modem from the internet, for the laptop maybe eventually try a Malwarebytes scan or wipe it to be sure.

    Change the password on your modem or whatever you’re using, change everything to non-standard credentials (not admin and default etc).

    Shut everything down to a single point of access then change PW again and disconnect all sessions across your emails simultaneously if possible. Then change it again. PW length matters more than characters, 20 or better is a good place to start.

    Start dialing it all down to things you control, and close anything else or suspend it.

    I’d call your bank to put them on alert.

  • #415818


    This is why you enable mfa ( multufactor authentication) on everything like that. Emails. Steam/epic games. Heck. Even reddit.

    Everything. ASAP!

  • #415819


    * Add 2fa to your email (if possible)
    * make sure to use whatever mail providers methods you have to log out of all active sessions
    * Don’t use links in the emails… they might be taking you to fake sites. Go to steam.com directly (or ea, or whatever)…
    * change your passwords for all sites
    * Make sure all sites have different passwords

  • #415820


    **Last update for the day. 830am.**

    I guess my info is out there already . I’m getting nonstop notifications of people trying to log into my google account and hotmail account from all kinds of countries , vietnam , UAE , Germany , USA etcetc.

    Oh well. I wouldn’t wish this on anyone , it really sucks to see everything get taken away and no matter how hard you fight , it’s useless. Even when I trusted the 2fa but it proved useless.

    It has been a looong night and i just got done changing all my passwords for the 8th time and clearing all my browser history , cookies and logging out of everything . It’s 830am now i think i’ve done all that I can .

    **Lastly , I’d like to thank everyone for replying and your respective advices . I might have missed yours , for that i’m sorry . It was hectic at the very least lol. This has shown me that you’re not safe no matter what safety precautions you take . This is the first time this has ever happened to me and I pray this happens to no one else.**

    **Again , Thanks everyone . :)**

  • #415821


    If you can get back into your gmail, log out all active sessions, then change the password. Then download an authenticator app to your phone. Turn off text message-based 2FA on your gmail and set it up to use the app only.

    This has been advised already but you also really need to run a scan on your computer. Malwarebytes is free and good.

  • #415822


    post exploit. the idea… noisy or not. Noisy… he didn’t have to message you. That was noise. And let you think he was done “whatever he was doing” as he saw you adjusting your passwords and he/she was losing access. The trick… was the message to you saying he’s done. That’s when your guard was most down… and also the best time for him to finish.

    Getting in quietly… people do that with bigger plans for a later date just hoping you didn’t catch it.

    Getting in… making noise… you expect quiet. No. That’s the trick. As you saw… he/she was still there. Had the person not messaged you… would you have done anything differently?

    He was after something… usually money. Bitcoin? Credit? Identity? The motive… what could it be. And the message to sell it to make some “quick bucks”, is an expression in one area of the country. also, implies, done even more (layered your emotional responses to zero).

    I would guess he is not leaving as he doesn’t need to leave. You don’t know how/when/if, so if he’s still there or not, how would you know?

    How to stop it again?

    Can you? Did he get what he wanted?

    Why you??

    Most likely, data breach you don’t monitor and he’s been there a lot longer than you ever knew.

You must be logged in to reply to this topic.