Need Advice About A Hacked Website

Discussion in 'General Discussion' started by Cyclone, 28 Dec 2020.

  1. Cyclone

    Mobster

    Joined: 23 Sep 2007

    Posts: 3,888

    Location: Essex

    I signed up to a website last month, and used my debit card to access extra bits. (It's an NZB site so nothing pervy :))

    But I had an email from the hacked site saying they got 'user/pass, email addy and last connected ip address' from the database they copied.

    I will ring my bank and get my debit card sorted, but can the hackers gain anything from the IP number I connected with?? I mostly use the same user/pass on the majority of the websites I go on.

    The above site is down at the mo for maintenance, so I can't ask on there.

    Thanks in advance !!
     
  2. Selekt0r

    Wise Guy

    Joined: 18 Oct 2002

    Posts: 1,738

    Location: Kent, UK

    You really need to change the password on every other website if you use the same user/pass on each one - especially now that one is confirmed to be compromised. Use a password manager like KeePass or LastPass to generate a different long/random password for each one.
     
  3. Cyclone

    Mobster

    Joined: 23 Sep 2007

    Posts: 3,888

    Location: Essex

    Thanks for the reply

    So they can see what website I've been on from my IP?? I looked on my 'saved logins' and there's loads with the same info :(

    I'll look at the password manager you mentioned
     
  4. Efour

    Caporegime

    Joined: 8 Sep 2005

    Posts: 26,882

    Location: Norrbotten, Sweden.

    Change alllllll your passwords and use a keeper and 2 step auth for the important stuff
     
  5. Selekt0r

    Wise Guy

    Joined: 18 Oct 2002

    Posts: 1,738

    Location: Kent, UK

    No, they probably can't, but they don't need to. There are programs/bots which will just try your set of re-used credentials across thousands of common websites and probably find a few that you have used them on.
     
  6. Cyclone

    Mobster

    Joined: 23 Sep 2007

    Posts: 3,888

    Location: Essex

    What a nightmare :eek::(

    Thanks guys
     
  7. Puzzled

    Sgarrista

    Joined: 9 Jul 2003

    Posts: 8,143

    Don't use the same password for your LastPass account :p

    I had to do the same a few years ago, it's annoying but I found loads of old active accounts for sites I had completely forgotten about (went through old emails) so it was a good opportunity to make those more secure or delete them if possible.
     
  8. Coran

    Gangster

    Joined: 27 Nov 2006

    Posts: 215

    If your email account password is the same, that should be the first one to change. Access to your email allows someone to use a program/bot to run the forgotten password feature on sites where the compromised password fails.
     
  9. BowdonUK

    Soldato

    Joined: 17 Jan 2016

    Posts: 5,403

    I noticed a copy of the message on another forum.

    It seems they installed a keylogger on the website as well. I wonder how they managed that?
     
  10. Stovehead

    Associate

    Joined: 8 Sep 2020

    Posts: 57

    Bitwarden is free, cross platform and open source. (Password manager) Highly recommended.
     
  11. Megahurtz400

    Sgarrista

    Joined: 5 Jun 2007

    Posts: 8,252

    Location: Colchester

    First of all, change all your passwords for everything.

    Then head over to https://www.lastpass.com/ and get that set up, super easy and simple to use :)
     
  12. arknor

    Caporegime

    Joined: 22 Nov 2005

    Posts: 39,261

    Location: Newcastle/Zurich

    sounds like a terrible website
    NO and your IP probably changed since then anyway.

    They could see where you live down to about 0.5 miles though if it's still your IP using one of those IP geolocator websites

    if you're rich in a mansion with no other houses around you might get a visit soon :D
     
  13. .Lethal

    Soldato

    Joined: 8 Jun 2005

    Posts: 7,377

    Location: United Kingdom

    Don't just look at it, make sure you get a password manager and spend an evening going through everything. It's crazy to hear people are still using the same user/password in 2020.
     
  14. Cyclone

    Mobster

    Joined: 23 Sep 2007

    Posts: 3,888

    Location: Essex

    I've cancelled my debit card and ordered a new one.

    In my Login section within Waterfox settings - I've changed all the passwords with the sites I frequent the most. There are a couple I'm not too bothered about as I haven't used them in years.

    And I've changed my email password.

    I did install KeePass. Seems easy in a complicated way lol

    First time something like this has happened to me. When it was mentioned they got a copy of the IP number I used I automatically thought they could see every site I've been on. I've gone super paranoid :eek::(

    Thanks again guys for the help/advice. Much appreciated :)
     
    Last edited: 29 Dec 2020
  15. Belly

    Wise Guy

    Joined: 25 Jun 2006

    Posts: 1,318

    Location: Somewhere East of Eden

    Hi, by this are you saying that the bona fide site, which was hacked, sent you an email or the hackers sent you an email? Must be worrying wondering if the email was spurious too.
     
  16. Feek

    Commissario

    Joined: 16 Oct 2002

    Posts: 232,413

    Location: In the radio shack

    You should change them as well, especially if there's any chance whatsoever that you're using passwords for them that you use elsewhere. It doesn't matter that you don't use them, they are a potential risk.
     
  17. Bouton Aide

    Caporegime

    Joined: 9 Aug 2008

    Posts: 28,973

    It’s getting to that stage now that people need to use 2fa/mfa with a password manager. Using one password on all sites is asking to be done over at some point.
     
  18. Cyclone

    Mobster

    Joined: 23 Sep 2007

    Posts: 3,888

    Location: Essex

    From the bona fide site :)

    Thanks, I'll go through them and change them as well.

    Have to agree on this, after being kicked in the nuts (so to speak).

    Thanks again guys.
     
  19. dan958

    Wise Guy

    Joined: 14 Oct 2012

    Posts: 1,256

    There also could be extra issues depending on how the website does the transactions. The website could be storing the card details in plain text, for example. So just check through all your recent transactions (you already said you were getting a new card)
     
    Last edited: 30 Dec 2020
  20. AtaRo

    Wise Guy

    Joined: 4 Aug 2008

    Posts: 1,935

    Looks like they only found out about the breach when one of their disks failed last week.

    I wonder how long their servers were compromised with the key logger before they found out if not for the failed drive.