HACKED - here is me sharing my experience

in #hive • 4 years ago


It was just 3 weeks ago when I woke up one morning getting ready to send my kids to school and thought it was going to be just an ordinary day.

After having breakfast and driving my kids to school, my phone's DND turned off and as I was driving back home I started to get a few notifications on my phone.

As I got back and sat in front of my PC, I checked all my phone messages and this was one of the many similar messages I received.

I was pretty much shocked as to why I was receiving this message, as I surely didn't get online nor do any task online for anything at 7am in the morning.

There were a number of Microsoft accounts which I have and I started to be very suspicious of this activity, leading me to start trying to log in to all my email accounts of importance.

I was able to log in to all except 1 of my accounts. A very old account which I created more than 15 years ago. I have not logged into this account for a while, however I still remembered my password as I've not changed it for a long time.

Seeing that I was unable to log in, I quickly did a reset and true enough, each time I reset, it required an authentication code which showed a similar message as above.

By now, I've got 2 scenarios which I was thinking of.

  • My email is hacked and password was compromised
  • My phone SIM card is cloned thus getting weird messages

To eliminate one of the possibilities, I quickly headed off to the telco and got my SIM card changed. While doing that ... I then realized I could not log in to my FB and a few other things.

Things were getting extremely critical at this point and I was in a mere panic state.


So ok .. taking things I knew I had to take drastic measures. As all I could do now is the most obvious thing.

LOGIN EVERY ACCOUNT I HAD AND CHANGED PASSWORD !

I quickly did all of those ... log in to my main emails and change password. Then log in to my social media like FB and change password ... log in to all my crypto-related exchanges and change password.

However, while I was doing all of that, it seemed that my main email accounts (non-Microsoft) kept resetting themselves again.

What I did next closed the leak

Keeping a clear head was the main thing, as I was already in a state of panic .. so thinking back, my old email account (HOTMAIL from Microsoft)

  • I had to recover that after I got a new SIM card and then change the password on that.
  • I also enabled secondary verification by phone. Lucky I had 2 phones.

Once I did that I checked all the security login logs. It looks something like this.

One of them was successful as I went through the logs, and it was connected from CANADA. Unfortunately I don't have the screenshot here.

Now once I cleared that and added security, it was time to change all my other accounts' passwords once more.

This time, all my passwords remained changed and didn't reset themselves. By then a few accounts could not be accessed already as they were changed to an unknown password, however I managed to recover them.

How they managed to gain access and hack my accounts!

This is just a rough indication of how they were able to access a lot of my stuff, because I didn't pay attention to my recovery email, which I've not logged into for the longest time since I do not use it much anymore.

For those of you who do not know what IMAP is, it's basically a way to synchronize your emails through 3rd-party apps. For example, if you are using an iPhone and want iOS to manage your mail, you would use the IMAP function to sync it.

Apparently this IMAP sync hack has been around for a while and Microsoft is aware of it. It's not really a security flaw, it's more of a feature, which of course can be abused if somehow your username and password have been compromised.

What I learned from this

  • Secure the email which you use as a recovery email and don't use that email at all if possible to sign up for anything online
  • ALWAYS enable secondary authentication like 2FA
  • Manage your passwords well and try not to use the same password on all your sites. Even though I do have a standard password which I use for dodgy sites, you can't be too careful as even the best companies in the world are not spared from hackers trying to gain access to their databases.
  • Frequently check and verify your security logins on all your main accounts.

Summary

I do hope that you would not go through this experience as I did. It really wasted a lot of time and I felt disgusted at the fact that someone had breached my privacy.

I did suffer some losses, this was purely because I so happened to be awake at the time of the hack. It's indeed an experience which I don't wish any of you to partake in.

Cheers and hope my sharing will be able to help you guys to start securing your accounts more.



Posted from my blog with SteemPress : http://steemitup.club/hacked-here-is-me-sharing-my-experience/
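
The last lesson in the post (check your sign-in logs) as an added example that is not part of the original post: a short Python script that reads a sign-in activity export and flags successful IMAP/POP3 syncs from outside your usual countries, the kind of entry the author found from Canada. The column names, the sample rows and the home-country code "XX" are assumptions made up for this example.

```python
import csv
import io
from collections import Counter

# Constructed sample of a sign-in activity export. The column names and the
# home-country code "XX" are assumptions for this example, not a real
# provider's format.
SAMPLE_LOG = """\
time,protocol,country,result
2024-01-15T06:52:10Z,IMAP,CA,failed
2024-01-15T06:55:41Z,IMAP,CA,success
2024-01-15T07:01:03Z,Browser,XX,success
2024-01-15T07:02:30Z,IMAP,CA,success
2024-01-15T09:15:00Z,Browser,XX,failed
"""

# Protocols used by mail apps that store the password and sync in the background.
MAIL_SYNC_PROTOCOLS = {"IMAP", "POP3"}


def parse_activity(text):
    """Read the export into a list of dicts, one per sign-in attempt."""
    return list(csv.DictReader(io.StringIO(text)))


def review(rows, home_countries):
    """Return (time, severity, message) findings for sign-ins worth a look."""
    findings = []
    failed_abroad = Counter()
    for row in rows:
        protocol = row["protocol"].strip().upper()
        country = row["country"].strip().upper()
        succeeded = row["result"].strip().lower() == "success"
        if country in home_countries:
            continue  # expected location, nothing to flag
        if not succeeded:
            failed_abroad[country] += 1
        elif protocol in MAIL_SYNC_PROTOCOLS:
            # Someone holds a working password and is receiving the mailbox.
            findings.append((row["time"], "HIGH",
                             f"successful {protocol} sync from {country}"))
        else:
            findings.append((row["time"], "MEDIUM",
                             f"successful {protocol} sign-in from {country}"))
    for country, count in sorted(failed_abroad.items()):
        findings.append(("-", "INFO", f"{count} failed attempt(s) from {country}"))
    return findings


if __name__ == "__main__":
    for finding in review(parse_activity(SAMPLE_LOG), {"XX"}):
        print(*finding, sep="  ")
```

A HIGH finding on a recovery mailbox means that mailbox gets a new password and 2FA first; as the post describes, passwords changed elsewhere kept being reset until the old Hotmail account was secured.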

Oh, what an experience you had. I'm glad you got through it.

I had a similar problem with all of my social connections.

My smartphone decided to refuse my pin numbers. This went on for a day.
I sent it to be serviced.

At the time, I had to reconnect with my spare phone.

This just means that I needed to login to all of my connections 2 times.
To my spare phone and to my normal phone, when it got back to me.

And I'm now thinking that could there be an automatic way to login every time something happens?
This would save time and my own nerves.

I wish there was a way to have this sort of redundancy, however not that I am aware of.

Another bit of advice, do NOT use Facebook as a login to any other site or application.

haha .. that's true .. but i guess it's a convenience for most ppl incl myself

And thus a massive security threat because the hackers know that also. You already learnt not to concentrate your logins, why trust a disreputable third party to do the same thing?

Wow.. that was quite an experience. You are good that you were able to piece the puzzle together and traced back what the hacker did. SIM swapping attack is a threat in many places, but I am curious how did the hacker manage to clone your SIM card. Did you get to find out?

What you said are all very good security practices.

  • Secure the email which you use as a recovery email and don't use that email at all if possible to sign up for anything online
  • ALWAYS enable secondary authentication like 2FA
  • Manage your passwords well and try not to use the same password on all your sites. Even though I do have a standard password which I use for dodgy sites, you can't be too careful as even the best companies in the world are not spared from hackers trying to gain access to their databases.
  • Frequently check and verify your security logins on all your main accounts.

For point 3, I always recommend folks to use a password manager. You do not need a paid one, something like KeePass works fine. 2FA is a must and should be enabled as long as the application/site supports it.

Here is my take on it .. the SIM clone must have come from some app which I've installed on my phone. That rogue app could have given information of my IMEI or other information. Once I got a new SIM card .. before I even put the new SIM card in, I did a full wipe of my phone. Didn't want to risk it. This is just my speculation, as at that exact time I was in panic mode and didn't want to risk anything.

hi @culgin

perhaps you could write an article about keepass? I myself never used any password manager and I'm not sure if I can trust sites like this one.

Yes, sure. Will certainly write about it someday

I don't get it. Where is the leak?
Are you saying that someone managed to access your old email address, which is the recovery email, and then from there access ALL your accounts?

They were using an IMAP sync ... meaning whatever emails went in or out were synced to them. It's like if you were using hotmail.com for emails, I had your username and password, and I opened up the MAIL app on my iPhone and keyed in your credentials there. I would start receiving any new emails without going to Hotmail.com to log in. So ... if your recovery email for your Gmail account was [email protected] I could go to your Gmail .. request "forgot password" and it would send a link to your recovery email for you to click. Since I have your credentials stored in my iPhone MAIL app .. I would receive that email.

What is the best way to contact you? It seems that you don't use Discord a lot?

just replied you on discord buddy

Thanks for sharing your experience @bitrocker2020

It always "hits" so much more and becomes such a more realistic threat when it does happen to someone you personally know.

After reading your post, I came to the realization that one of the problems you've faced was related to panic mode. Which may paralyze many people.

Perhaps it would be a good idea to come up with a plan of what we need to do if we ever face a similar problem. We surely won't prepare ourselves for all possible scenarios, however I believe that mentally such an exercise would allow us to be prepared. At least to some certain degree.

Being able to manage panic can be a game changer. Wouldn't you agree?

Also I was wondering if using a VPN would potentially help to stay safe from being targeted? What's your opinion?

Yours,
Piotr

It's a better idea to plan for securing your accounts to avoid getting hacked.
A VPN is good to avoid detection, which could lead to serious problems like a DDoS attack on your IP (among a few). There are some VPNs which you should avoid, especially the free ones, as they do not secure you in any way, as I could place an ethereal trace on your connection and start capturing packets which you send through my "free VPN".

I was actually thinking about checking out NordVPN. Do you have any opinion about this one?

Have not tried it out yet so won't be able to comment much on it, however if you google it ... this is what I got
https://techcrunch.com/2019/10/21/nordvpn-confirms-it-was-hacked/