40+ Passwords Found in Data Breach - Help Me Understand What Actually Happened
<blockquote data-quote="Wrecker4923" data-source="post: 1123467" data-attributes="member: 110877"><p>The service is new, but you can see them in the news now, mostly regarding corporate hacks and ransomware based on past infostealer thefts. I believe they retrieve infostealer logs and put them into a database to allow corporations to check if their employees' accounts have been breached, which might compromise the companies' systems.</p><p></p><p>This confirms past/present infostealer/malware infections on your machine. Factory resetting (making sure you <em>don't sync</em> past software or browser extensions from your connected online accounts) is one of the most complete measures you can take. If you are still unsure, you can:</p><ul> <li data-xf-list-type="ul">Use one-time scanners, such as "ESET Online Scanner" and "Sophos Scan and Clean," to fully scan your computer. You probably won't find anything.</li> <li data-xf-list-type="ul">If you want human reassurances, try the MT's Windows Malware Removal Help & Support: <a href="https://malwaretips.com/forums/windows-malware-removal-help-support.10/" target="_blank">Windows Malware Removal Help & Support</a></li> </ul><p>I would consider doing the following:</p><ul> <li data-xf-list-type="ul">Also factory reset your mobile devices (<em>without syncing</em> past software), as mentioned by @Zero Knowledge.</li> <li data-xf-list-type="ul">Because it may be hard to figure out if they still have a foothold in your Google account, I'd monitor it very closely. Login location logs may not be indicative because they can just use your session cookie without logging in. I'd consider resetting/reviewing all the "named" security options (passkeys, authenticator [unless yours is still working], 2FA recovery codes), apps, forwarding addresses, filtering rules, etc.</li> <li data-xf-list-type="ul">Put your password into a third-party password manager like Bitwarden. It's not attacked as often as the browsers' password managers, and it will be safer in some situations. There is a very active subreddit that can provide help, suggestions, and learning opportunities.</li> </ul><p>As far as the malware's capabilities go, it's anybody's guess. They can access webcams and microphones (remember Pegasus), but these aren't the most valuable data on the PC. They often steal cookies, credentials, electronic wallets, files, screenshots, keylogged passwords, and more. You pretty much need to reset all your passwords, enable 2FA wherever possible (which you already did), rotate all your encryption (like encrypted files), notify your financial institutions, and check for sensitive info that could further leak because of your files (.txt, .doc, screenshots, legal/identity documents on your system, etc.) and photos. More or less, you should <em>assume</em> and <em>prepare for</em> a total compromise of your system while hoping that they didn't <em>actually</em> get all of it.</p></blockquote><p></p>