The Rolex Forums   The Rolex Watch

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX


Go Back   Rolex Forums - Rolex Forum > General Topics > Open Discussion Forum

Reply
 
Thread Tools Display Modes
Old 19 March 2016, 02:00 AM   #1
joeychitwood
"TRF" Member
 
joeychitwood's Avatar
 
Join Date: Oct 2009
Location: Way Up North USA
Watch: Rolexes & Tudors
Posts: 6,361
Someone is attacking my financial accounts and social media.

In the past two days, multiple unsuccessful attempts have been made to log into my IRA brokerage account, my cell provider account and two other financial accounts, and I'm assuming the same person/people have also successfully hacked my Facebook account and my spouse's iCloud account on Apple. Thankfully, she kept nothing on the cloud.

Vanguard alerted me this morning, and now all web access has been locked. Only voice recognition will open my account and only my phone will work to access it. Their fraud department is investigating. I'm working with the other companies where failed logins occurred to secure the accounts. I'm spending the rest of today checking every online account I have, no matter how insignificant, changing passwords and looking for evidence of compromise.

Have any of you been personally hacked? Do you use security software? Do any of you use password-managing software? Any wise words of wisdom?
joeychitwood is offline   Reply With Quote
Old 19 March 2016, 02:10 AM   #2
cdmorenot
2024 SubLV41 Pledge Member
 
cdmorenot's Avatar
 
Join Date: Jun 2015
Real Name: Carlos.
Location: NNJ - MDE
Watch: = Want them all.
Posts: 3,700
First things first. Please call the credit bureaus and freeze your files.

Check out Krebs on Security (Blog) he has many good posts on what to do in your situation.

http://krebsonsecurity.com/2015/06/h...curity-freeze/


Sent from my SM-N920T using Tapatalk
__________________
| Breguet | Cartier | Casio | Hublot | IWC | Omega | Rolex | Seiko |
cdmorenot is offline   Reply With Quote
Old 19 March 2016, 02:22 AM   #3
Knappo 1307
2024 SubLV41 Pledge Member
 
Knappo 1307's Avatar
 
Join Date: Sep 2011
Real Name: Jason
Location: USA
Watch: Sea Dweller
Posts: 8,561
Edit: Just had something similar happen to me..
Knappo 1307 is offline   Reply With Quote
Old 19 March 2016, 03:20 AM   #4
wantonebad
2024 SubLV41 Pledge Member
 
wantonebad's Avatar
 
Join Date: Nov 2007
Location: USA
Watch: 126600, 116500LN
Posts: 12,849
Sorry to hear this JC, hope the best for you and your wife through this ordeal! I agree fraud alerts on the major credit bureaus is a good idea if you haven't done that already!! Good luck!!
__________________
"I'm kind of a big deal...
on a fairly irrelevant social media site
that falsely inflates my fragile ego"
wantonebad is offline   Reply With Quote
Old 19 March 2016, 04:23 AM   #5
Alexwwjd
"TRF" Member
 
Alexwwjd's Avatar
 
Join Date: May 2009
Real Name: Alex
Location: Texas
Watch: Out!!!
Posts: 2,352
Wow. This is personal! I hope it gets resolved soon.


Sent from my iPhone using Tapatalk
Alexwwjd is offline   Reply With Quote
Old 19 March 2016, 04:32 AM   #6
Kingair
"TRF" Member
 
Kingair's Avatar
 
Join Date: Oct 2009
Location: USA
Watch: Not enough ;-)
Posts: 21,232
Get it solved!

Sent from my SM-N920T using Tapatalk
Kingair is offline   Reply With Quote
Old 19 March 2016, 04:47 AM   #7
joeychitwood
"TRF" Member
 
joeychitwood's Avatar
 
Join Date: Oct 2009
Location: Way Up North USA
Watch: Rolexes & Tudors
Posts: 6,361
I froze my credit with the big three companies. I've been changing passwords. different passwords for every account is incredibly cumbersome.

Has anyone used a password manager program like Dashlane? it is highly rated, but it seems that if someone could hack into my dashlane account, he'd have access to every company I do business with.

I see Donald Trump was hacked this week. If a billionaire running for President can't protect his identity, what chance do the rest of have?
joeychitwood is offline   Reply With Quote
Old 19 March 2016, 05:31 AM   #8
Watchflair
2024 SubLV41 Pledge Member
 
Watchflair's Avatar
 
Join Date: May 2012
Real Name: Jim
Location: Westchester NY
Watch: Love em all
Posts: 5,920
Crazy-hope it gets resolved as soon and as painlessly as possible.

I have a credit monitoring service through Amex that alerts me to any changes credit wise. Bureau pulls, new credit lines, large purchases, etc. I also have fraud alerts on my credit so that before new lines of credit can be extended I must be contacted on the phone number it was set up with. I personally wouldn't keep passwords anywhere online. Not sure if it's good or bad but I typically keep my passwords in the notes section of my iPhone.
__________________
Remember what matters. Value everyday
Watchflair is offline   Reply With Quote
Old 19 March 2016, 06:27 AM   #9
BNA/LION
2024 SubLV41 Pledge Member
 
BNA/LION's Avatar
 
Join Date: May 2011
Real Name: Larry
Location: San Diego, CA
Watch: ROLEX
Posts: 25,661
Sorry to hear about that. I hope you get all accounts secured and nothing is missing or impacts you financially.

Sent Via Tapatalk
__________________

✦ 28238 President DD 18K/YG ✦ 16610LN SS Sub ✦ 16613 18K/SS Serti ✦ 16550 Exp II Non-Rail Cream Dial ✦ Daytona C 116500 ✦ 126710 BLRO GMT-Master II ✦ NEXT-->?
Hole In One! 10/3/19 DMCC 5th hole, par 3, 168 yards w/ 4-Iron.
BNA/LION is offline   Reply With Quote
Old 19 March 2016, 06:41 AM   #10
cpark
"TRF" Member
 
cpark's Avatar
 
Join Date: Nov 2011
Location: San Francisco, CA
Posts: 353
He was attacked by Anonymous, completely different from what is happening to you. Unfortunately identity theft is more common than people think here in America. Try Password1. It's supposedly the best for creating passwords, it's like $50 bucks or if you can get it on sale (from time to time) for $25. They secure all of your passwords and create random phrases for your passwords and it is uncrackable (similar to Bitcoin) algorithms. Hope everything gets solved! Good luck!!
cpark is offline   Reply With Quote
Old 19 March 2016, 06:54 AM   #11
joeychitwood
"TRF" Member
 
joeychitwood's Avatar
 
Join Date: Oct 2009
Location: Way Up North USA
Watch: Rolexes & Tudors
Posts: 6,361
I think I've done what I can for now. I created new passwords for every website on which I do business. Talked with my local bank. All in all, an incredibly tedious task.

I'm aware Trump was hacked by Anonymous. My point was that no one is safe.
joeychitwood is offline   Reply With Quote
Old 19 March 2016, 06:55 AM   #12
Highland Ranger
"TRF" Member
 
Join Date: Apr 2007
Location: USA
Posts: 573
Keepass - open source password management that includes a password generator. Switched to it when PayPal account got hacked a few years ago and they kind of blamed me.

Allows you to have different random passwords generated according to whatever system policy is . . . no one will be able to guess a 256 character random generated password. So if account compromised it is because they lost a backup tape.

Package has a Windows app, Mac app, iPhone app and Android app.

Sent from my Nexus 6P using Tapatalk
Highland Ranger is offline   Reply With Quote
Old 19 March 2016, 09:06 AM   #13
kulak
"TRF" Member
 
Join Date: Dec 2012
Location: USA
Posts: 245
I personally don't trust any password software to run on a machine connected to the Internet. There is too much risk and I personally don't want to invest the time to analyze network traffic or block connectivity by application.
kulak is offline   Reply With Quote
Old 19 March 2016, 09:14 AM   #14
rr-nyc
Liar & Ratbag
 
Join Date: Nov 2009
Real Name: Renato
Location: NYC / Miami Beach
Watch: Rolex Daytona
Posts: 5,344
Someone clearly has enough of your information to try stealing your identity. How else would they even know which financial institution to go after your brokerage account?

I've had people try to reset my facebook account and my icloud account but thats the extent of it. It sounds like you are doing the right things so far. Best of luck keeping everything safe
rr-nyc is offline   Reply With Quote
Old 19 March 2016, 12:07 PM   #15
joeychitwood
"TRF" Member
 
joeychitwood's Avatar
 
Join Date: Oct 2009
Location: Way Up North USA
Watch: Rolexes & Tudors
Posts: 6,361
Quote:
Originally Posted by rr-nyc View Post
Someone clearly has enough of your information to try stealing your identity. How else would they even know which financial institution to go after your brokerage account?
They actually knew my Facebook password, which I change every few weeks and my spouse's Apple account ID. This was a very specific attack.
joeychitwood is offline   Reply With Quote
Old 19 March 2016, 12:08 PM   #16
joeychitwood
"TRF" Member
 
joeychitwood's Avatar
 
Join Date: Oct 2009
Location: Way Up North USA
Watch: Rolexes & Tudors
Posts: 6,361
I am thinking that I was compromised while on our hotel wifi in Mexico last week or in the Minneapolis airport while using the wifi there.
joeychitwood is offline   Reply With Quote
Old 19 March 2016, 12:45 PM   #17
BLACKHORSE 6
"TRF" Member
 
BLACKHORSE 6's Avatar
 
Join Date: May 2013
Real Name: Dave
Location: USA
Watch: Rolex SS Daytona
Posts: 2,679
Sorry to hear. Good luck getting everything straightened out.

My company issued me a Verizon Jetpack that I use instead of public wifi, mainly for this reason.

Won't help with hackers, but I also use a RFID shielded wallet to protect my credit/debit card information. I even bought a RFDI passport wallet for traveling.
BLACKHORSE 6 is offline   Reply With Quote
Old 19 March 2016, 01:08 PM   #18
subtona
"TRF" Member
 
subtona's Avatar
 
Join Date: Jan 2011
Real Name: gus
Location: East Coast
Watch: APK & sometimes Y
Posts: 26,601
What a PIA.

Hopefully you've caught it in time and can harden your security.

The more advanced we get the more catastrophic the impact of a breach becomes.

Personal cloud storage is at the nexus of the worst possible outcome.
__________________
subtona is online now   Reply With Quote
Old 19 March 2016, 01:20 PM   #19
Highland Ranger
"TRF" Member
 
Join Date: Apr 2007
Location: USA
Posts: 573
Quote:
Originally Posted by joeychitwood View Post
I am thinking that I was compromised while on our hotel wifi in Mexico last week or in the Minneapolis airport while using the wifi there.
I invested in a VPN for the home office. Whenever I travel I connect phone and PC to the VPN. Routes l traffic thru encrypted tunnel thru office - no hacking.

Sent from my Nexus 6P using Tapatalk
Highland Ranger is offline   Reply With Quote
Old 19 March 2016, 01:23 PM   #20
Highland Ranger
"TRF" Member
 
Join Date: Apr 2007
Location: USA
Posts: 573
Quote:
Originally Posted by kulak View Post
I personally don't trust any password software to run on a machine connected to the Internet. There is too much risk and I personally don't want to invest the time to analyze network traffic or block connectivity by application.
It's encrypted and password protected safer than paper and ability to quickly cut and paste very strong passwords is invaluable.

Good compromise between living under a rock, and having your life disrupted.

Sent from my Nexus 6P using Tapatalk
Highland Ranger is offline   Reply With Quote
Old 19 March 2016, 01:51 PM   #21
rollthedice
"TRF" Member
 
Join Date: Dec 2015
Real Name: Chris
Location: All over
Posts: 65
1password is a great software, all local as well.. however you can choose to sync your encrypted 1password db over dropbox/icloud for backups/other devices (even if someone gets a hold of it, they can't unlock it without your master password which of course you make complex and never tell anyone or use it for anything else :p)

i am in the IT security business and 1password is one of the best applications out there for the normal guy, security paranoid people can enable 2 step verification etc on most applications again if they're paranoid or want an extra step.

using the same password for multiple things just makes a hackers life even simpler, every password I have is different... while it may be cumbersome at some times its well worth it.
rollthedice is offline   Reply With Quote
Old 19 March 2016, 10:42 PM   #22
kulak
"TRF" Member
 
Join Date: Dec 2012
Location: USA
Posts: 245
Quote:
Originally Posted by Highland Ranger View Post
It's encrypted and password protected safer than paper and ability to quickly cut and paste very strong passwords is invaluable.

Good compromise between living under a rock, and having your life disrupted.

Sent from my Nexus 6P using Tapatalk
It gets decrypted for you to see it. It's not so far fetched that either you have malware taking screenshots of your system or the software itself transmits it.

The only safeway to use software like this is offline on a computer without access to the network. They call this air-gapping in the industry.
kulak is offline   Reply With Quote
Old 20 March 2016, 01:07 AM   #23
Highland Ranger
"TRF" Member
 
Join Date: Apr 2007
Location: USA
Posts: 573
Quote:
Originally Posted by kulak View Post
It gets decrypted for you to see it. It's not so far fetched that either you have malware taking screenshots of your system or the software itself transmits it.

The only safeway to use software like this is offline on a computer without access to the network. They call this air-gapping in the industry.
Security is a compromise between putting everything under a rock and everything out in the open.

In the case of an air gapped machine storing strong 256 character random passwords, (the under rock) how practical would that be to use every time you access amazon?

Not very. Appropriate for storing nuclear launch codes, not for regular person shopping eBay.

Some common sense precautions about where and how you connect, some good browsing habits and differing and strong passwords should be enough.



Sent from my Nexus 6P using Tapatalk
Highland Ranger is offline   Reply With Quote
Old 20 March 2016, 01:58 AM   #24
jolimont
"TRF" Member
 
jolimont's Avatar
 
Join Date: Jan 2012
Real Name: Will
Location: land of oz
Watch: sundial
Posts: 2,219
Sorry to hear that doc
It could have been much worse!
jolimont is offline   Reply With Quote
Old 20 March 2016, 02:59 AM   #25
subtona
"TRF" Member
 
subtona's Avatar
 
Join Date: Jan 2011
Real Name: gus
Location: East Coast
Watch: APK & sometimes Y
Posts: 26,601
Quote:
Originally Posted by rollthedice View Post
1password is a great software, all local as well.. however you can choose to sync your encrypted 1password db over dropbox/icloud for backups/other devices (even if someone gets a hold of it, they can't unlock it without your master password which of course you make complex and never tell anyone or use it for anything else :p)

i am in the IT security business and 1password is one of the best applications out there for the normal guy, security paranoid people can enable 2 step verification etc on most applications again if they're paranoid or want an extra step.

using the same password for multiple things just makes a hackers life even simpler, every password I have is different... while it may be cumbersome at some times its well worth it.
if someone can access information by entering a password we are vulnerable. even in 2 step verification, it is only a bandaid.

once upon a time your Birthday, SS # & Mothers Maiden Name served as the keys to protecting your data security, after a few years that very information was on everyones database and has become widely available to hackers.
The second you enter your next level security, the information is stored on another piece or pieces of hardware for someone to hack, it is a horrific spiral.

ultimately our habitual and mindful security practice may be our best defense but the world is changing so fast without govt protections being put in place (the US govt (I suspect the others as well) has their own agenda for our privacy)

i am no expert, i have only maintained an acute awareness of the evolution technology and its pitfalls since my palm pilot days. my friends know me as the guy they laughed at for putting a post it note on the computer camera… years later they all have their cameras covered.

since your in IT security, i welcome any information that would provide a level of comfort and security. i frequently speak with a good friend who has a leading role in IT security for big banks, it is a daunting task to say the least


most importantly, i do not think i would ever be comfortable stacking all my passwords on a cloud based 3rd party site where i am certain they have a hackers crosshairs on them or maybe even funded by a hacker group or govt 4th party.

__________________
subtona is online now   Reply With Quote
Old 20 March 2016, 03:05 AM   #26
Baco Noir
"TRF" Member
 
Baco Noir's Avatar
 
Join Date: Dec 2007
Real Name: Roger
Location: Colorado
Watch: this ya'll
Posts: 4,973
Quote:
Originally Posted by joeychitwood View Post
I am thinking that I was compromised while on our hotel wifi in Mexico last week or in the Minneapolis airport while using the wifi there.

For future info, I use my cell phone as a hotspot rather than connecting to public wifi for this reason.

I hope all your data is safe and I'm going to read the rest of this thread now to learn even more about securing my info. You can never be too safe.
__________________
Current Collection: Rolex 126619LB, 116710BLNR, and 216570 polar Explorer II; Omega Apollo 8 Speedmaster and Planet Ocean 42; Tudor BB Bronze Bucherer Blue Edition; Nomos Neomatik 42; Breitling Aerospace, Avenger Blackbird, & SuperOcean 44; Doxa 300 Pro Carbon; Stowa Limette; Laco Napa Flieger; Mickey Mouse Timex Electric; and dare I say it...an Apple Watch too
Baco Noir is online now   Reply With Quote
Old 20 March 2016, 07:40 AM   #27
East Bay Rider
"TRF" Member
 
East Bay Rider's Avatar
 
Join Date: Oct 2007
Real Name: Bill
Location: East Bay RI
Watch: GMT-II 16710LN
Posts: 12,073
That's awful. I tend to use a similar password for many accounts. It's a bad practice I know and one I should change but with so much of what we do requiring a password how does one keep track of them all?


__________________
I bought a cheap watch from the crazy man
Floating down canal
It doesn't use numbers or moving hands
It always just says "now"
Now you may be thinking that I was had
But this watch is never wrong
And if I have trouble the warranty said
Breathe In, Breathe Out, Move On
J. Buffett
Instagram: eastbayrider46
East Bay Rider is offline   Reply With Quote
Old 20 March 2016, 10:34 AM   #28
handsfull
"TRF" Member
 
handsfull's Avatar
 
Join Date: Apr 2010
Real Name: J
Location: The great Midwest
Watch: youlookinat?
Posts: 2,369
I never go to any bank accounts via public wifi. Ever.

With your situation, I would scan your devices THOROUGHLY for any keylogging style malware.
handsfull is offline   Reply With Quote
Old 20 March 2016, 10:44 AM   #29
Boothroyd
2024 SubLV41 Pledge Member
 
Boothroyd's Avatar
 
Join Date: May 2011
Real Name: Daniel
Location: Minneapolis, MN
Watch: Wilsdorf(s)
Posts: 10,259
Joey, sincerely hope this gets under control, and thank you for mentioning your suspicion that wireless connection at MSP might have been the point of breach. Appreciate that.
Boothroyd is offline   Reply With Quote
Old 20 March 2016, 11:33 AM   #30
Rocket_Man
"TRF" Member
 
Join Date: Jun 2015
Location: Houston TX
Posts: 1,332
I use LastPass and any of my financial accounts have long random passwords that I don't even know (ok I can see them but I can't remember them). I can only log in using the tool. It is available on all browsers and my iPhone. However, I suspect your laptop got a key logger virus and I would no longer trust my laptop. I'd completely wipe it and reinstall it from the OS up. All these new passwords you have created may already be compromised.

I had my checking account compromised a few years ago. My bank caught it pretty quickly. I filed a police report, but they don't really investigate crimes like this. Sad, but it is too common. I think it was my landscaper who is the only person I ever wrote checks to. But even with a lead they won't bother to investigate.
Rocket_Man is offline   Reply With Quote
Reply


Currently Active Users Viewing This Thread: 1 (0 members and 1 guests)
 
Thread Tools
Display Modes

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is On
HTML code is Off

Forum Jump

Wrist Aficionado

My Watch LLC

WatchesOff5th

DavidSW Watches

Takuya Watches

OCWatches


*Banners Of The Month*
This space is provided to horological resources.





Copyright ©2004-2024, The Rolex Forums. All Rights Reserved.

ROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEXROLEX

Rolex is a registered trademark of ROLEX USA. The Rolex Forums is not affiliated with ROLEX USA in any way.