Comment on I don't know what to do with this information

str82L@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

• str82L@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

  Further investigation turned up this

  troyhunt.com/experimenting-with-stealer-logs-in-h…

  source

  • AnEilifintChorcra@sopuli.xyz ⁨2⁩ ⁨weeks⁩ ago

    Yep, thats the blogpost from the owner of haveibeenpwnd regarding the email OP received.

    OP, it seems like you have or had malware on one or more of your devices that has been logging all of your credentials to any services you signed into on the infected devices with the email address provided in the screenshot you shared.

    we’re talking about the logs created by malware running on infected machines. You know that game cheat you downloaded? Or that crack for the pirated software product? Or the video of your colleague doing something that sounded crazy but you thought you’d better download and run that executable program showing it just to be sure? That’s just a few different ways you end up with malware on your machine that then watches what you’re doing and logs it.

    These logs all came from the same person and each time the poor bloke visited a website and logged in, the malware snared the URL, his email address and his password.

    I would suggest running a malware scan on devices you use to log in with that email.

    On a secure device, you should change the passwords for each service that you use that email with.

    If 2FA is already enabled on any of these accounts, then it should be safe and I would ensure the device is not infected before changing the passwords or else the passwords will be stolen again when you sign in on the infected device.

    It is likely any other accounts that were signed into on the infected device have had their credentials stolen too, you may not have those email addresses set up to receive this notification. Also you should notify anyone else who has used the infected device that their credentials were likely stolen too.

    You can check if other emails have been comprised using haveibeenpwned.com and you can also check if passwords have been comprised there too.

    source

    • Preflight_Tomato@lemm.ee ⁨2⁩ ⁨weeks⁩ ago

      To add to this, here’s what I would do personally:

      For disinfecting devices, it’s a process:

      1. Isolate the device, remove network cards if possible.
      2. Try to find out what kind of malware it is? Is it isolated to the OS? If it’s infecting device firmware I’d just replace the whole device, otherwise move to next step.
      3. Copy essential data onto a removeable drive (USB)
      4. Wipe the drive and re-install the OS fresh.
      5. Full content malware scan of all files on the USB.
      6. Copy files back onto fresh OS.

      Some additional things to do:

      1. Change relevant credentials.
      2. Enable Multi-Factor Authentication (MFA) wherever offered.
      3. If you’re in the US and believe that financial info was compromised (SSN, bank passwords, etc.), freeze your credit and file 1 year fraud alerts with all major consumer reporting companies (Equifax, Transunion, Experian, etc.). This is free and quick as required by law.

      source
    • peregus@lemmy.world ⁨2⁩ ⁨weeks⁩ ago

      Very thorough explanation! I’ll add a basic info for @TheTwelveYearOld@lemmy.world: every service MUST have a different password (password manager almost mandatory with a VERY strong password and 2FA). If you’re paranoid like me ( 🙈 ) use a different email alias for each service (SimpleLogin)

      source
• lurch@sh.itjust.works ⁨2⁩ ⁨weeks⁩ ago

  if OP trusts their service, they can check the passwords they used with this email to find the compromised one and change it.

  also, a significant number of ppl use one email per service. for example, they add stuff to google mail addresses or use yahoo disposable emails. those would know it from the email address in the mail.

  source