Hacked / Someone got my password

[Chris230291]

Hello. Yesterday i got an email from Apple telling me my apple ID password had been reset. I then followed the instructions to change it again if it wasn't me that changed it initially (it wasn't). I was worried but thought nothing of it.
Today though i got another email, this time from google telling me the same thing! I've gone ahead and changed it now but i'm looking for advice on the subject really. What else should i do as a precaution? Never had anything like this happen before.

Cheers,
Chris.

EDIT: Heres what google said regarding the location...

Wednesday, 10 April 2013 11:09:01 o'clock UTC
IP Address: 114.97.79.164
Location: Hefei, Anhui, China

So it's not a mate playing around or anything.

 

[Tripp]

ouch that sucks buddy :/

 

[Feronix]

First step would be to make sure that these emails are actually from Apple and/or Google before you fill out any of your details. 'Fishing' happens a lot, where hackers pretend to be some major company and tell you that your account is being hacked and you should enter your details. The link in the email is fake and just sends your details to the hacker.

I get them from Blizzard all the time, 'Your WoW account is being hacked'. I've never played that game in my life...

 

[Chris230291]

ouch that sucks buddy :/

I know right! haha

First step would be to make sure that these emails are actually from Apple and/or Google before you fill out any of your details. 'Fishing' happens a lot, where hackers pretend to be some major company and tell you that your account is being hacked and you should enter your details. The link in the email is fake and just sends your details to the hacker.

I get them from Blizzard all the time, 'Your WoW account is being hacked'. I've never played that game in my life...

Thanks for the reply. So how do i make sure? Both the Google link and the Apple link said "https" in the URL bar, does that mean it's kosher?


Cheers,
Chris.

 

[Damien c]

First step would be to make sure that these emails are actually from Apple and/or Google before you fill out any of your details. 'Fishing' happens a lot, where hackers pretend to be some major company and tell you that your account is being hacked and you should enter your details. The link in the email is fake and just sends your details to the hacker.

I get them from Blizzard all the time, 'Your WoW account is being hacked'. I've never played that game in my life...

I get those emails as well, and also from various banks that I don't use.

If I get a email like that from a company I do use though, I normally look for a Customer Services number and give them a ring if I cannot spot anything within the email that would, make me think it's a fake email.

If I did give my details away though, or someone managed to get my details without me giving them to anyone the 1st thing I would do is reinstall windows, after using something like the Acronis Boot Disc to perform a secure erase of the hard drive to clear anything off it.

I would then go to every place I needed to and change all the passwords just to be on the safe side.

My Twitter account somehow managed to be hacked, and I simply did what I said above and then created a new Twitter account as the person who hacked it, got me blocked from a couple of people I follow due to the tweets they were sending.

 

[jamesriley94]

I'd have thought that to do this, they'd need your email account password.

With that, they could have done any form of password resets really. Without that, they'd be answered secret questions and stuff like that I'd assume...

So, you should just be able to change your passwords on email accounts, along with secret answers and hackers may have changed that to something they know in case you got wise to it, and it *should* stop.

I remember back in the days when I was about 12 and used MSN, when there used to be constant links sent to me to things like: 'Find out who's blocked you on MSN!' 'cause y'know, blocking people on MSN was the cool thing to do back in those days..... And all you needed to do was type in your email address and password!.... Which of course then just gave the 'hacker' at the other end access to your accounts. But I'm not too sure how successful getting the MSN password of 12 year old girls and boys will have been for them.

Not saying you've done anything that stupid of course, but any slightly dodgey site where you may have used the same password as your email accounts could have been hacked itself, or sold your details on. Just be careful which sites you use in the future, and if they're relatively unknown sites, maybe use a completely different password to anything else.

 

[Chris230291]

TWITTER! I best go save that haha.

Reinstall Windows? Is that because you think there might be malicious software installed someplace? I don't use Windows so i should be fine?

I've got to be honest, these emails seem legit. I know the emails people are talking about but i don't get them anymore. My ISP does a stella job at removing them and
i have never received one through iCloud.

Chris.

 

[SeekaX]

i don't really know what you expect. there is only so much you can do with a web account to secure it. take a random order of upper/lower case letters and numbers. does apple have options like battle.net or steam for a random generated code you have to enter or an e-mail verification for each ip/application entering the account?
don't have any experience with itunes since a few years ago when i installed it for my brothers ipod, it killed my performance and i fought with it an entire day to get rid of it.
/edit
oh yea check for keyloggers

 

[Chris230291]

I'd have thought that to do this, they'd need your email account password.

With that, they could have done any form of password resets really. Without that, they'd be answered secret questions and stuff like that I'd assume...

So, you should just be able to change your passwords on email accounts, along with secret answers and hackers may have changed that to something they know in case you got wise to it, and it *should* stop.

I remember back in the days when I was about 12 and used MSN, when there used to be constant links sent to me to things like: 'Find out who's blocked you on MSN!' 'cause y'know, blocking people on MSN was the cool thing to do back in those days..... And all you needed to do was type in your email address and password!.... Which of course then just gave the 'hacker' at the other end access to your accounts. But I'm not too sure how successful getting the MSN password of 12 year old girls and boys will have been for them.

Not saying you've done anything that stupid of course, but any slightly dodgey site where you may have used the same password as your email accounts could have been hacked itself, or sold your details on. Just be careful which sites you use in the future, and if they're relatively unknown sites, maybe use a completely different password to anything else.

Yes i had to answer the secret questions and stuff to complete the process. < makes it seem even more legit?

No no i haven't done anything silly like put my details into MSN haha.

The only thing i can think of signing up to recently is http://bannediphone.com
This is so i was able to download a .deb file someone had uploaded there.

Chris.

 

[dugdiamond]

Hello. Yesterday i got an email from Apple telling me my apple ID password had been reset. I then followed the instructions to change it again if it wasn't me that changed it initially (it wasn't). I was worried but thought nothing of it.
Today though i got another email, this time from google telling me the same thing! I've gone ahead and changed it now but i'm looking for advice on the subject really. What else should i do as a precaution? Never had anything like this happen before.

Cheers,
Chris.

EDIT: Heres what google said regarding the location...

Wednesday, 10 April 2013 11:09:01 o'clock UTC
IP Address: 114.97.79.164
Location: Hefei, Anhui, China

So it's not a mate playing around or anything.

easy fix....

sent the email to your junk folder... the REAL links will be made visible. if they do NOT match the 'fake' address in the original... stay well clear.

i get alot of these every day. outlook and windows8 mail are really good as sorting out spam, but the occasional one or two get through.

AND
the address CHINA... is a dead giveaway... it should be USA

 

[Chris230291]

No you misunderstood that part, China is the location of the security breach or whatever they call it.

I cant check by putting anything in the spam folder as i have now deleted the emails.

Everything seems fine now and i've changed all accounts that used the same login details. See how it goes i guess.

Thanks for the comments guys.

Chris.

 

[Damien c]

TWITTER! I best go save that haha.

Reinstall Windows? Is that because you think there might be malicious software installed someplace? I don't use Windows so i should be fine?

I've got to be honest, these emails seem legit. I know the emails people are talking about but i don't get them anymore. My ISP does a stella job at removing them and
i have never received one through iCloud.

Chris.

The reinstall of windows is just something I do as I really don't trust the anti-virus and anti-malware software to fully remove all traces of something from the pc.

To be honest though I have not had to do a reinstall of windows for that sort of a reason for a long time now, and instead it's either because of a upgrade to the pc or I am changing between os's.

 

[SPS]

This may or may not be a real. Any resetting of passwords should always be done by going to the company's site and going through the reset password steps as opposed to clicking any links in the email.

One more important thing is to have a different password for EACH account.
And here's a tip on password security from xkcd.