Someone is attacking my financial accounts and social media.

[joeychitwood]

In the past two days, multiple unsuccessful attempts have been made to log into my IRA brokerage account, my cell provider account and two other financial accounts, and I'm assuming the same person/people have also successfully hacked my Facebook account and my spouse's iCloud account on Apple. Thankfully, she kept nothing on the cloud.

Vanguard alerted me this morning, and now all web access has been locked. Only voice recognition will open my account and only my phone will work to access it. Their fraud department is investigating. I'm working with the other companies where failed logins occurred to secure the accounts. I'm spending the rest of today checking every online account I have, no matter how insignificant, changing passwords and looking for evidence of compromise.

Have any of you been personally hacked? Do you use security software? Do any of you use password-managing software? Any wise words of wisdom?

[cdmorenot]

First things first. Please call the credit bureaus and freeze your files.

Check out Krebs on Security (Blog) he has many good posts on what to do in your situation.

http://krebsonsecurity.com/2015/06/h...curity-freeze/


Sent from my SM-N920T using Tapatalk

[Knappo 1307]

Edit: Just had something similar happen to me..

[wantonebad]

Sorry to hear this JC, hope the best for you and your wife through this ordeal! I agree fraud alerts on the major credit bureaus is a good idea if you haven't done that already!! Good luck!!

[Alexwwjd]

Wow. This is personal! I hope it gets resolved soon.


Sent from my iPhone using Tapatalk

[Kingair]

Get it solved!

Sent from my SM-N920T using Tapatalk

[joeychitwood]

I froze my credit with the big three companies. I've been changing passwords. different passwords for every account is incredibly cumbersome.

Has anyone used a password manager program like Dashlane? it is highly rated, but it seems that if someone could hack into my dashlane account, he'd have access to every company I do business with.

I see Donald Trump was hacked this week. If a billionaire running for President can't protect his identity, what chance do the rest of have?

[cpark]

He was attacked by Anonymous, completely different from what is happening to you. Unfortunately identity theft is more common than people think here in America. Try Password1. It's supposedly the best for creating passwords, it's like $50 bucks or if you can get it on sale (from time to time) for $25. They secure all of your passwords and create random phrases for your passwords and it is uncrackable (similar to Bitcoin) algorithms. Hope everything gets solved! Good luck!!

[Watchflair]

Crazy-hope it gets resolved as soon and as painlessly as possible.

I have a credit monitoring service through Amex that alerts me to any changes credit wise. Bureau pulls, new credit lines, large purchases, etc. I also have fraud alerts on my credit so that before new lines of credit can be extended I must be contacted on the phone number it was set up with. I personally wouldn't keep passwords anywhere online. Not sure if it's good or bad but I typically keep my passwords in the notes section of my iPhone.

[BNA/LION]

Sorry to hear about that. I hope you get all accounts secured and nothing is missing or impacts you financially.

Sent Via Tapatalk

[joeychitwood]

I think I've done what I can for now. I created new passwords for every website on which I do business. Talked with my local bank. All in all, an incredibly tedious task.

I'm aware Trump was hacked by Anonymous. My point was that no one is safe.

[Highland Ranger]

Keepass - open source password management that includes a password generator. Switched to it when PayPal account got hacked a few years ago and they kind of blamed me.

Allows you to have different random passwords generated according to whatever system policy is . . . no one will be able to guess a 256 character random generated password. So if account compromised it is because they lost a backup tape.

Package has a Windows app, Mac app, iPhone app and Android app.

Sent from my Nexus 6P using Tapatalk

[kulak]

I personally don't trust any password software to run on a machine connected to the Internet. There is too much risk and I personally don't want to invest the time to analyze network traffic or block connectivity by application.

[Highland Ranger]

Quote:

Originally Posted by kulak

I personally don't trust any password software to run on a machine connected to the Internet. There is too much risk and I personally don't want to invest the time to analyze network traffic or block connectivity by application.

It's encrypted and password protected safer than paper and ability to quickly cut and paste very strong passwords is invaluable.

Good compromise between living under a rock, and having your life disrupted.

Sent from my Nexus 6P using Tapatalk

[kulak]

Quote:

Originally Posted by Highland Ranger

It's encrypted and password protected safer than paper and ability to quickly cut and paste very strong passwords is invaluable.

Good compromise between living under a rock, and having your life disrupted.

Sent from my Nexus 6P using Tapatalk

It gets decrypted for you to see it. It's not so far fetched that either you have malware taking screenshots of your system or the software itself transmits it.

The only safeway to use software like this is offline on a computer without access to the network. They call this air-gapping in the industry.

[Highland Ranger]

Quote:

Originally Posted by kulak

It gets decrypted for you to see it. It's not so far fetched that either you have malware taking screenshots of your system or the software itself transmits it.

The only safeway to use software like this is offline on a computer without access to the network. They call this air-gapping in the industry.

Security is a compromise between putting everything under a rock and everything out in the open.

In the case of an air gapped machine storing strong 256 character random passwords, (the under rock) how practical would that be to use every time you access amazon?

Not very. Appropriate for storing nuclear launch codes, not for regular person shopping eBay.

Some common sense precautions about where and how you connect, some good browsing habits and differing and strong passwords should be enough.



Sent from my Nexus 6P using Tapatalk

[rr-nyc]

Someone clearly has enough of your information to try stealing your identity. How else would they even know which financial institution to go after your brokerage account?

I've had people try to reset my facebook account and my icloud account but thats the extent of it. It sounds like you are doing the right things so far. Best of luck keeping everything safe

[joeychitwood]

Quote:

Originally Posted by rr-nyc

Someone clearly has enough of your information to try stealing your identity. How else would they even know which financial institution to go after your brokerage account?

They actually knew my Facebook password, which I change every few weeks and my spouse's Apple account ID. This was a very specific attack.

[joeychitwood]

I am thinking that I was compromised while on our hotel wifi in Mexico last week or in the Minneapolis airport while using the wifi there.

[Highland Ranger]

Quote:

Originally Posted by joeychitwood

I am thinking that I was compromised while on our hotel wifi in Mexico last week or in the Minneapolis airport while using the wifi there.

I invested in a VPN for the home office. Whenever I travel I connect phone and PC to the VPN. Routes l traffic thru encrypted tunnel thru office - no hacking.

Sent from my Nexus 6P using Tapatalk

[Dr. Prunesquallor]

Quote:

Originally Posted by Highland Ranger

I invested in a VPN for the home office. Whenever I travel I connect phone and PC to the VPN. Routes l traffic thru encrypted tunnel thru office - no hacking.

Sent from my Nexus 6P using Tapatalk

I need to do exactly that. Did you research BPN providers and reach any conclusions?

[Abdullah71601]

Quote:

Originally Posted by Dr. Prunesquallor

I need to do exactly that. Did you research BPN providers and reach any conclusions?

The VPN protects your current activity. It won't help if you store sensitive information on third party servers.

I've been using Witopia for all my personal business transactions for five years. It's worked well. But, I don't store any credentials or passwords anywhere (except a quirky unique one here), and I don't let Windows store any for me either.

I'm probably still vulnerable, but I think I'm a harder target than if I trusted third parties to keep me safe.

[Baco Noir]

Quote:

Originally Posted by joeychitwood

I am thinking that I was compromised while on our hotel wifi in Mexico last week or in the Minneapolis airport while using the wifi there.

For future info, I use my cell phone as a hotspot rather than connecting to public wifi for this reason.

I hope all your data is safe and I'm going to read the rest of this thread now to learn even more about securing my info. You can never be too safe.

[BLACKHORSE 6]

Sorry to hear. Good luck getting everything straightened out.

My company issued me a Verizon Jetpack that I use instead of public wifi, mainly for this reason.

Won't help with hackers, but I also use a RFID shielded wallet to protect my credit/debit card information. I even bought a RFDI passport wallet for traveling.

[subtona]

What a PIA.

Hopefully you've caught it in time and can harden your security.

The more advanced we get the more catastrophic the impact of a breach becomes.

Personal cloud storage is at the nexus of the worst possible outcome.

[rollthedice]

1password is a great software, all local as well.. however you can choose to sync your encrypted 1password db over dropbox/icloud for backups/other devices (even if someone gets a hold of it, they can't unlock it without your master password which of course you make complex and never tell anyone or use it for anything else :p)

i am in the IT security business and 1password is one of the best applications out there for the normal guy, security paranoid people can enable 2 step verification etc on most applications again if they're paranoid or want an extra step.

using the same password for multiple things just makes a hackers life even simpler, every password I have is different... while it may be cumbersome at some times its well worth it.

[subtona]

Quote:

Originally Posted by rollthedice

1password is a great software, all local as well.. however you can choose to sync your encrypted 1password db over dropbox/icloud for backups/other devices (even if someone gets a hold of it, they can't unlock it without your master password which of course you make complex and never tell anyone or use it for anything else :p)

i am in the IT security business and 1password is one of the best applications out there for the normal guy, security paranoid people can enable 2 step verification etc on most applications again if they're paranoid or want an extra step.

using the same password for multiple things just makes a hackers life even simpler, every password I have is different... while it may be cumbersome at some times its well worth it.

if someone can access information by entering a password we are vulnerable. even in 2 step verification, it is only a bandaid.

once upon a time your Birthday, SS # & Mothers Maiden Name served as the keys to protecting your data security, after a few years that very information was on everyones database and has become widely available to hackers.
The second you enter your next level security, the information is stored on another piece or pieces of hardware for someone to hack, it is a horrific spiral.

ultimately our habitual and mindful security practice may be our best defense but the world is changing so fast without govt protections being put in place (the US govt (I suspect the others as well) has their own agenda for our privacy)

i am no expert, i have only maintained an acute awareness of the evolution technology and its pitfalls since my palm pilot days. my friends know me as the guy they laughed at for putting a post it note on the computer camera… years later they all have their cameras covered.

since your in IT security, i welcome any information that would provide a level of comfort and security. i frequently speak with a good friend who has a leading role in IT security for big banks, it is a daunting task to say the least


most importantly, i do not think i would ever be comfortable stacking all my passwords on a cloud based 3rd party site where i am certain they have a hackers crosshairs on them or maybe even funded by a hacker group or govt 4th party.

[rollthedice]

Quote:

Originally Posted by subtona

if someone can access information by entering a password we are vulnerable. even in 2 step verification, it is only a bandaid.

once upon a time your Birthday, SS # & Mothers Maiden Name served as the keys to protecting your data security, after a few years that very information was on everyones database and has become widely available to hackers.
The second you enter your next level security, the information is stored on another piece or pieces of hardware for someone to hack, it is a horrific spiral.

ultimately our habitual and mindful security practice may be our best defense but the world is changing so fast without govt protections being put in place (the US govt (I suspect the others as well) has their own agenda for our privacy)

i am no expert, i have only maintained an acute awareness of the evolution technology and its pitfalls since my palm pilot days. my friends know me as the guy they laughed at for putting a post it note on the computer camera… years later they all have their cameras covered.

since your in IT security, i welcome any information that would provide a level of comfort and security. i frequently speak with a good friend who has a leading role in IT security for big banks, it is a daunting task to say the least


most importantly, i do not think i would ever be comfortable stacking all my passwords on a cloud based 3rd party site where i am certain they have a hackers crosshairs on them or maybe even funded by a hacker group or govt 4th party.

that's why I said local based not third party hosted, 1password is all local on your computer only. No internet conn required

[subtona]

Quote:

Originally Posted by rollthedice

that's why I said local based not third party hosted, 1password is all local on your computer only. No internet conn required

Thank you for clarification I did miss that relevant detail.

[rouxeny]

Another vote for 1Password. It works pretty well, and is relatively to use across your devices.

It's definitely not as easy as having an easy-to-remember password, but I suppose that's the point.

Also, on Apple devices, you could enable the Keychain functionality. I have only used it sparingly, but it seems to be very easy to use. I'd say less kludgy than 1Passsword.