I Got Hacked

troym514

Feb 16, 2013
I got hacked (prank from someone online amounting to $40 in theft from Walmart from my debit card) and I'd like to know how to keep people out of my PC so that they can't do that again. Thank you.
 
Solution
If you are certain it was a PC that got hacked instead of the more likely email or a retailer (either online or a brick & mortar such as a restaurant using a second stripe reader or gas station skimmer), then I would suggest using a separate, dedicated PC for only shopping and banking. And only when all other PCs on the network are shut down.

If you don't have a spare PC I've always found booting to a live CD with a distro that doesn't mount your disks to be a good bet. It can be something as simple as Webconverger which is a Firefox browser-only OS. Just keep in mind whenever such a system is rebooted, everything is lost so you have to type in site passwords each time and won't have access to any browser history.

And finally, never use a debit card when shopping. I've never even activated a debit card before.
 
Solution
"Hacked" is very ambiguous. Just because an account was hacked in no way means your PC itself was hacked.

If you use the same password on Facebook, Dropbox, Hotmail, walmart.com, tomshardware, and every other forum on the internet, then all it takes is one of those sites to have its user database hacked, and now they have your password for all of those accounts. There is an actual black market and "street value" for hacked account passwords.
Dropbox's biggest "hack" was because an admin used the same password for his admin-level Dropbox account as he did for everything else, so when they got his password from somewhere else, they then got full access to Dropbox servers.

Formatting and reinstalling Windows will flush out any infection currently on your PC and is likely a step that needs to be taken.
The other big thing you need to do, though, is use good password policies.
I use a layered approach: start off with a decent base password (with, say, 8-10 numbers and letters), and the entire letter portion of the password should not be a dictionary word. Use this for sites like tomshardware. At level 2 (social media) have something 100% different; assume this password is compromised at all times. At level 3 (email, cloud storage, sites with your data on it) make the base password more complex, with a variation for each different site. At level 4 (ecommerce sites like Amazon) add another variation, and finally at level 5 (financial, so banks, credit card accounts, etc.) you should add another variation to the password.

This layered approach prevents spillage of a password from one layer being able to be used on a higher level. If you standardize what the variation is, then it will not be that much harder for you to remember each password.
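An added example, not part of the original post: a short Python check that audits a password inventory against the layered scheme described above (minimum base length, letter portion not a dictionary word, no password carried from a lower level to a higher one). The level numbers follow the post; the site names, passwords and the tiny word list are constructed for illustration.

```python
import re
from collections import defaultdict

# Levels follow the post: 1 forums, 2 social media, 3 email/cloud storage,
# 4 e-commerce, 5 financial.
# Constructed sample inventory of (site, level, password); not real credentials.
SAMPLE = [
    ("forum.example", 1, "kx7qv2m9p4"),
    ("social.example", 2, "T4rn-bluff-88"),
    ("mail.example", 3, "Vz9!rk2Lq-ma"),
    ("cloud.example", 3, "Vz9!rk2Lq-cl"),
    ("shop.example", 4, "Vz9!rk2Lq-cl"),   # same password as cloud.example
    ("bank.example", 5, "sunshine2013"),   # dictionary word plus digits
]

# Constructed mini word list; a real audit would load a full dictionary file.
WORDS = {"sunshine", "password", "dragon", "monkey"}


def audit(inventory, words=WORDS, min_len=8):
    """Return (site, finding) pairs for entries that break the layered scheme."""
    findings = []
    seen = defaultdict(list)  # password -> [(level, site), ...]
    for site, level, pw in inventory:
        seen[pw].append((level, site))
        if len(pw) < min_len:
            findings.append((site, "too-short"))
        # The post's rule: the entire letter portion must not be a dictionary word.
        letters = "".join(re.findall(r"[A-Za-z]+", pw)).lower()
        if letters in words:
            findings.append((site, "dictionary-word"))
    # Exact reuse: a leak at the lowest-level site exposes every other use.
    for uses in seen.values():
        uses.sort()
        low_level, low_site = uses[0]
        for level, site in uses[1:]:
            kind = "cross-tier-reuse" if level > low_level else "same-tier-reuse"
            findings.append((site, f"{kind}:{low_site}"))
    return findings


if __name__ == "__main__":
    for site, finding in audit(SAMPLE):
        print(f"{site}: {finding}")
```
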
 

steve-kj

Aug 18, 2014
If possible, you should try to find out the point of vulnerability where the hack occurred.
Based upon that finding, if possible, your mitigation and "iron fortress" preventative steps should be determined from there.

If you haven't already, contact Walmart and try to find out how the hackers got your debit card info.

If the hack is related to your web browser, you should start there, maybe with a software update.
For example, if you're using Internet Explorer, try updating to the latest version if it isn't already.

And like the other commenters, you'll want to change your account passwords for other websites.
 
It can be difficult for some to sort out a real penetration from the ever-so-plentiful spoof notifications of hackings, which are simply social engineering/password gathering attempts...; they are about 20 times more common than actual hacks....

Hundreds of people a day fall victim to such ruses on Facebook, PayPal, etc....; they will be even more dangerous when the 'evil-ones' stop making basic English/spelling/grammar mistakes... :)
 

troym514

Feb 16, 2013
They probably used a keylogger. I've started using Malwarebytes before typing in any of my passwords and card information. It's probably a prank from someone I've met online. The 4 purchases were $8 to $13 but I want to keep them out of my PC.