accounts hacked help
Discussion
Hi All,
One of my friends appears to have had all thier accounts hacked.
Thier Instagram accounts (business and personal) have been taken over
Thier Hotmail account now says it no longer exists when they go into try and change the password.
The hackers appear to have tried to get into thier bank accounts and credit cards.
They didn't have 2FA set up, they are on an iPhone (not jail broken)
All seems very strange, I'm trying to help however I can, being IT literate, but I can't figure out the attack vector (I assume brute force on the email account) then just spiralling out.
Any suggestions or steps to help them ? Seems odd that the Hotmail account no longer appears to exist
Cheers
Michael
One of my friends appears to have had all thier accounts hacked.
Thier Instagram accounts (business and personal) have been taken over
Thier Hotmail account now says it no longer exists when they go into try and change the password.
The hackers appear to have tried to get into thier bank accounts and credit cards.
They didn't have 2FA set up, they are on an iPhone (not jail broken)
All seems very strange, I'm trying to help however I can, being IT literate, but I can't figure out the attack vector (I assume brute force on the email account) then just spiralling out.
Any suggestions or steps to help them ? Seems odd that the Hotmail account no longer appears to exist
Cheers
Michael
Likely your friends username and password was on a list from a data breech and they used the same credentials on multiple accounts. Hackers will now be trawling hotmail for details of any other accounts and trying to compromise those. Also likely they have changed the account credentials on hotmail, so now has a new username and password...or they've downloaded all content and then closed the account.
Contact hotmail support asap and see if they can assist.
Set up a new e-mail account, gmail or iCloud may be preferable as they are an iPhone user
Change all passwords on their accounts and set up 2FA where possible, change the e-mail address to the new account, change the username if possible
Monitor all accounts. Passwords need to be complex.
If any accounts have been compromised and cannot be accessed they need to contact the company to see if the account can be closed, or fixed so they have access
Inform action fraud
Contact hotmail support asap and see if they can assist.
Set up a new e-mail account, gmail or iCloud may be preferable as they are an iPhone user
Change all passwords on their accounts and set up 2FA where possible, change the e-mail address to the new account, change the username if possible
Monitor all accounts. Passwords need to be complex.
If any accounts have been compromised and cannot be accessed they need to contact the company to see if the account can be closed, or fixed so they have access
Inform action fraud
For Hotmail they could start with this:
https://support.microsoft.com/en-gb/account-billin...
Your friend needs to prove their account is theirs. When they have it back they can implement MFA and new passwords. They should consider a new email account, cease using the compromised one and change any other accounts that use that email.
https://support.microsoft.com/en-gb/account-billin...
Your friend needs to prove their account is theirs. When they have it back they can implement MFA and new passwords. They should consider a new email account, cease using the compromised one and change any other accounts that use that email.
The two typical options would be:
- reutilised credential pair (username/password) - especially if that corresponds to the hotmail account login details. Somewhere, it got leaked and used.
- phishing. This friend was phished.
Getting all of this stuff back will be hard
Weak credentials and lack of multifactor authentication = bad news.
Losing the root of all accounts, the email address = worse.
Important: get around all other accounts where that password was used and change them; use at least a password manager like Bitwarden to create random passwords for them - and have 2FA on that Bitwarden account.
Having had a friend go through this, I know what a pain this is.
Have they tried to make contact? In the end, they will be looking for something, be it asking friends on the socials for some money because you're trapped in Limasol.....
- reutilised credential pair (username/password) - especially if that corresponds to the hotmail account login details. Somewhere, it got leaked and used.
- phishing. This friend was phished.
Getting all of this stuff back will be hard
Weak credentials and lack of multifactor authentication = bad news.
Losing the root of all accounts, the email address = worse.
Important: get around all other accounts where that password was used and change them; use at least a password manager like Bitwarden to create random passwords for them - and have 2FA on that Bitwarden account.
Having had a friend go through this, I know what a pain this is.
Have they tried to make contact? In the end, they will be looking for something, be it asking friends on the socials for some money because you're trapped in Limasol.....
Could have been an exploit, if they didn’t have a fully patched iPhone. Some people on PH use absolutely ancient phones that fell out of support years ago. One click on the wrong website… A connection on a dodgy public wifi point…
Could equally have a compromised wifi router at home if they are using an old router without a modern encryption protocol. They are very easy to hack.
Could equally have a compromised wifi router at home if they are using an old router without a modern encryption protocol. They are very easy to hack.
Edited by wyson on Monday 17th February 23:25
All good advice here esp with experian.
Get yr pal to https://haveibeenpwned.com/ and check if his email or password have been leaked previously.
Uae mfa everywhere you can - Ebay, paypal, email, all of them.
use pw managers so you dont need to reuse same passwords for multiple accounts.., keep software and operating systems up to date.
Get yr pal to https://haveibeenpwned.com/ and check if his email or password have been leaked previously.
Uae mfa everywhere you can - Ebay, paypal, email, all of them.
use pw managers so you dont need to reuse same passwords for multiple accounts.., keep software and operating systems up to date.
Gassing Station | Computers, Gadgets & Stuff | Top of Page | What's New | My Stuff