Hacked? Any advice?

This isn’t a RW question but I’d really appreciate any advice.
I use a Mac that no one else has access to.
In the last 2 days many of my accounts have been hacked. I was on Facebook when I was jumped off because someone had changed my password… when I emailed FB they said my account was banned forever for non-compliance (I only post pics of my dog!)
Yesterday my Amazon Prime, same thing … when I enter my email it says email address is not known in their system. Really weirdly, when I click on sign in … some random guy’s .yop email address is in there! I can’t even get through to Amazon to report it.
PayPal emailed to say my password had been changed! I’m so worried I don’t know what the best thing to do is. Do you think someone has accessed my computer!?
I had RapidWeaver problems 2 weeks ago. I don’t think it was related … but files had moved all over the place and I had to reinstall RW and Stacks.
Any advice greatly appreciated

First of all, download free malwarebytes at https://www.malwarebytes.com/mac/ and check if your Mac has been compromised.

Which mobile phone do you use?

1 Like

Thanks Jan I’ll do that now.

I use an iPhone XS
Also an iPad
Macbook pro
macbook

None of them are EVER used by anyone else. It seems like all bank accounts are ok. Not that there is anything in them anyway! Amazon Prime I can’t even access because, like Facebook, my account seems not to exist.
It’s weird because on Saturday morning my Facebook worked and it said I had accepted the friend request of a guy in Vietnam. (I hadn’t; I use it only for friends and family.) Then later as I was on Facebook chat I got bumped off. I’ll try the link you gave me. It’s so freeeeky!

I tried the https://www.malwarebytes.com/mac/

It says no threats detected everything 0

I don’t know if that makes me feel better or worse!

Please check your other computers and the phone as well. Next, contact Amazon (call them) as well as Facebook to regain your accounts. Your facebook account has been hacked and therefore additional info that comes with it - this mostly happens when you click on an offer/game etc. on Facebook and enter your e-mail address and password to confirm that.

1 Like

As soon as you regain control, change all passwords and use two-factor authentication for Amazon/Facebook etc.

Do you use a password manager? If so, could that have been compromised?

Good luck!

I use 1password for storing all my passwords.

I have been onto Amazon and they were amazed what the person had managed to do.

I was unable to enter my account because it said email not in system. She (the lady at Amazon) could see that my email was in the system. Yet it was connected to a different address. (She could not tell me the address or country!) REALLY weird was that his email address was on my Amazon login page and that was an email address that he had used … she confirmed that. So he had managed to take over my account. They are on it. I guess I’ll never know what happened. But it was quite sophisticated …

Sorry to hear you’re going through that and hope you’ve had some success. I went through something similar a couple years ago which came to light when someone got into my PayPal account and tried to withdraw a large amount of money that I didn’t have. It ended up bouncing at my bank (they were kind enough to waive the NSF fee). I changed my PayPal password, but later it happened again and this time PayPal didn’t allow it to go through. Later again, in the middle of the night I woke up to light coming from my desk. The monitor was lit up and I saw someone controlling my computer. So somehow via VNC they had figured out my password, would log in and go through my browser history. I had been browsing Amazon hours earlier so they tried to buy stuff which Amazon flagged as suspicious and cancelled it. The hacker would then go into my email and delete the warning emails. The thing is, my iPhone would show me the email notifications on the lock screen so I suspected something already. So this is what I changed:

  • stopped using keychain to remember web passwords, so I need to enter them every time
  • stopped using VNC, at least on the default port which apparently hackers monitor
  • change all passwords - my strategy is on sites that are just forums like this one, basically sites that aren’t stores or banking etc, I use one different password and a secondary email address. On all other sites, I use my main email address and each password is actually a phrase with some random capital letters and a number or symbol, and then a word unique to each site. For instance “readyF0rsummer-banking” or “readyF0rsummer-shopping” or even flip some the other way like “creditcard-readyF0rsummer”. Of course you can go even further and have each site be random characters that you can’t remember, but I can remember all my passwords in my head without a password app.
2 Likes

I’ve had a lot of success and positive experiences with ExpressVPN as well. Good luck!

How is your firewall configured, to prevent remote control of your machine(s)?

1 Like

Thank you all of you for being so kind. I LOVE this forum and didn’t know where else to turn.

So stressful especially right now when the world has gone nuts.

I am changing all passwords to everything and following all the advice you have given.

I have added Express VPN.
Is there anything else I should add? I’m hesitant to add anything without getting advice first … for fear of making things worse.

They tried to access my email too. But Greg at Chillidog stopped them! Shout out to Greg and Chillidog hosting!

I got Express VPN for 1 year. Hopefully that will stop access?

I don’t think I have a firewall configured … How do I do that?

THANK YOU

@Figo, we’re always glad to help here if we can. You’ve had a real ‘hit’. So sorry!

Here is a link to setting up Apple’s built-in firewall. It may be all you need for the future. Which settings you leave open will vary according to your circumstances. For now you might want to try and make it as watertight as you can.

If someone’s really gained remote access to your machine somehow, that’s a little unusual, and I suggest contacting Apple themselves for guidance as to how to locate the event in your system logs. Strongly suggest not deleting anything from Time Machine so that you can get back to the snapshot of five days or so ago, when it seemed as though that may have happened.

A VPN won’t stop anyone accessing your machine. But it will hide your ‘real’ (the one used by your ISP) IP address and make the transmission of any personal data between devices harder to stumble across if someone really has compromised your basic defences.

When your first post said ‘(many of my) accounts’, were ‘hacked’, were you referring to online login credentials? If so, these have nothing to do with your own local machine’s security - unless you had the same passwords for many logins etc. In that case, it is possible (though unlikely) that someone got one, and tried using it to gain access to others. I doubt that the difficulties you were having with RW were connected.

Let’s hope not.

Thanks Mark.
So I did have the Apple Firewall on.

Somehow I don’t think they had access to my Mac either.
I had RW set up on 2 computers and I may have messed up where stacks were kept somehow.
Then I got it more and more muddled … though I must say it was pretty weird!

I think the hackers may have taken my email address and used that as user name … then ran software to crack the passwords?
Actually about 2 weeks ago I got an email from Paypal saying I had requested a password change. I did email them to say I hadn’t.
When your first post said ‘(many of my) accounts’, were ‘hacked’, were you referring to online login credentials?

Yes … they seem to have tried Stripe, PayPal, Chillidog email and to the best of my knowledge failed.
They managed to get into Amazon and Facebook.

The creepy thing is that on Amazon … when I tried to access my account from my computer the guy’s email address was in the signup box! Even when I tried another browser! So I just don’t know.

Also they tried to access a Microsoft account I had completely forgotten I had … and had no cc info linked etc.

@Figo,

My pleasure; I hope this is helpful… some of it.

Good luck with sorting out your two versions of RW; that was this thread, wasn’t it?

I don’t know of any software which uses one entity (your email address) of the login/password combination to derive the other (password) without prior access to a location (e.g. Amazon’s LDAP server) where they exist as a pair.

From what you say, and not knowing the details, it may well be that the first exploit was on your PayPal account. Unfortunately, I have found PayPal particularly unhelpful in solving such issues: all the agents to which you have access (by email or phone - even before the current crises) can’t access security information and are unable/unwilling to advise.

Without giving any information here, were your Facebook, Amazon and PayPal credentials all different? If so, I’d have thought it unlikely that whoever seems to be doing this could use one to get another.

There is one famous case of a Wired journalist who experienced a kind of cascading attack; and what he did to put things right is detailed here.

I’d call Apple and see if they know any way in which to have another person’s email address as your login (for Amazon) is possible without that other person having gained access to your computer. Unless, perhaps, either:

  • you entered a URL which had arguments (the parameters after the ? in the address) which somehow contained that part of your login string, or
  • you clicked on a ‘fake’ URL :frowning:

You might also want to ask on the Apple Community boards.

Good luck!

THANK YOU! I’ll go through all the info above.

After writing my previous post I got this five mins ago from Pinterest !

We noticed a login from a new device or location and want to make sure it’s you.
Where: Netherlands (Approximate)

@Figo,

I hope I can say that you needn’t worry about this: if you have already installed and are running VPN Express, this from Pinterest may be because the colocation of the VPN server which you are using is in the Netherlands. If you look under the large circle in the Express VPN app, does it show the Netherlands? If so, no need to worry!

Hi there,
at the risk of repeating some of the very good recommendations here and objecting to some others:

  1. Don’t use free protection software. This always comes at a cost. MacKeeper is a classic useless piece of code that you can’t get rid of anymore. That’s why it is typically marketed on porn sites. Malwarebytes took me hours to completely remove after installation. There’s a reason why those hooks are free of charge. Spend money to buy protection software. If you protect your valuable files with free stuff, the value of those files can’t be too high. It’s like protecting your $1M house with a $10 webcam. Makes no sense. By the way: Before you apply ANY kind of protection/repair software, make a backup. Not talking about running another run with Time Machine. Talking about buying a 1TB USB drive and run either a new run of Time Machine or use Carbon Copy Cloner. If something goes south during repair, you can revert.
  2. Do use a password manager or keychain! This has the same risk management benefits as webSSO. Whether you use Apple’s keychain or 3rd party software is up to your convenience preferences. One thing though: Use a VERY strong master passphrase. I’m talking REALLY REALLY strong such as: “Jowentswimmingandlosthistrousers” or “mywifehasatatooonherbelly”. Got the picture? I mean PICTURE! Can you see the guy without trousers? Or your wife with the tattoo. Well, you probably see her more often and you will certainly remember the passphrase. Why is it important to use a password manager? In past times, we had 5 accounts that we were managing. Easy to remember even different passwords. Now you have 20. I have about 500 different credentials. It is crucial to use different passwords on ANY platform you’re using. If you don’t, it’s sufficient to get that password once and run it past all your possible accounts. Kiss your accounts goodbye. You might remark now that this is valid for a password manager, too. Wrong. Because if you’re managing different passwords on all your platforms with your built-in memory (brain), you will naturally choose simple codes or one code with different endings (joe#1, joe#2, joe#3). That’s a snap to crack. With a password manager, you lock all your secrets away with a VERY strong passcode that is difficult to impossible to crack (unless you write it down on a Post-it and stick it underneath your keyboard). As I’m professionally paranoid, I’m using a different email alias on EVERY account, too. Nice side effect of this one: As soon as spam arrives on one of my 500 different aliases, I know that this very platform either sold my data or got hacked and I can take appropriate action. Now that you manage your credentials professionally, make sure to use up the allowed number of letters for ANY platform. I’m happy using 64 letters, numbers, special characters for a password. Every time. With a unique email on top of a row of 64 letters of gibberish, it’s no fun for the bad guys and they’ll go elsewhere.
  3. Use 2nd factor authentication whenever possible. However, make sure to store the emergency key in your password manager. I can highly recommend Google Authenticator for the 2nd factor. At this point, people can even physically access your computer without being able to access your online-treasures as they would also have to have access to your iPhone and the correct finger or eye. Ouch.
  4. Never share any of your accounts nor your user on your computer. To NOBODY! No family, no fiance, no colleague. Full stop. And apply FileVault on top of that. No excuses.

Good luck!

2 Likes
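The thread contrasts two ways of handling many passwords: a memorised phrase with a per-site word, and unique random passwords in a manager, with the warning that "one code with different endings" is easy to crack. The following is an added example, not part of any post in the thread: a self-audit that flags entries in your own password list that are built on one shared stem. The function names, thresholds and the `VAULT` sample are assumptions made for the illustration.

```python
from itertools import combinations

def longest_common_substring(a, b):
    """Longest run of characters shared by a and b (case-insensitive)."""
    a, b = a.lower(), b.lower()
    best_len, best_end = 0, 0
    prev = [0] * (len(b) + 1)
    for i in range(1, len(a) + 1):
        cur = [0] * (len(b) + 1)
        for j in range(1, len(b) + 1):
            if a[i - 1] == b[j - 1]:
                cur[j] = prev[j - 1] + 1
                if cur[j] > best_len:
                    best_len, best_end = cur[j], i
        prev = cur
    return a[best_end - best_len:best_end]

def shared_stems(vault, min_len=5, min_fraction=0.5):
    """Return (site_a, site_b, stem) for password pairs built on one stem.

    A pair is flagged when the shared run is at least min_len characters
    and covers at least min_fraction of the shorter password.
    """
    findings = []
    for (site_a, pw_a), (site_b, pw_b) in combinations(sorted(vault.items()), 2):
        stem = longest_common_substring(pw_a, pw_b)
        shorter = min(len(pw_a), len(pw_b))
        if len(stem) >= min_len and len(stem) >= min_fraction * shorter:
            findings.append((site_a, site_b, stem))
    return findings

# Constructed sample: the example passwords quoted in the thread plus one
# random password of the kind a manager would generate.
VAULT = {
    "bank": "readyF0rsummer-banking",
    "shop": "readyF0rsummer-shopping",
    "card": "creditcard-readyF0rsummer",
    "mail": "q7#Lw!zP2vRk9@xT",
}

if __name__ == "__main__":
    for site_a, site_b, stem in shared_stems(VAULT):
        print(f"{site_a} and {site_b} share a stem of {len(stem)} characters")
```

Every pair among the three phrase-based entries is flagged, while the random entry shares nothing with the others, so a leak of one phrase-based password exposes most of the other two.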

Thank you everyone. I’m slowly working through all your advice. Not sure if I’m achieving anything or not.
Today I got this email. It claims to be from a member of my family. I did not click it. I asked her if she sent it and she did not. So far I don’t think anyone else on her contacts got it. … So is it another attack on me!

It’s easy to make the from email address look like it’s from a different person. I get them quite often from spammers saying they hacked my server and I need to pay something or other. You can view the actual message details and see where the sender sent it from.
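The "view the actual message details" check from the last reply, as an added example that is not part of the thread: it reads a raw message (the "view source" or "raw message" text in a mail client) and lists the reasons the visible From address cannot be trusted. The sample message is constructed and every name and domain in it is a placeholder; the function names are assumptions of the example.

```python
import re
from email import message_from_string
from email.utils import parseaddr

# Constructed sample message (not from the thread); all domains are placeholders.
SAMPLE = """\
Return-Path: <bounce@mailer.example.net>
Authentication-Results: mx.example.org; spf=pass smtp.mailfrom=mailer.example.net;
\tdkim=none; dmarc=fail header.from=family.example.com
From: "Aunt Jo" <jo@family.example.com>
Reply-To: <jo.family@webmail.example.net>
To: <me@example.org>
Subject: Look at this

http://example.net/photo
"""

def domain(value):
    """Return the lower-cased domain of an address header, or ''."""
    addr = parseaddr(value or "")[1]
    return addr.rpartition("@")[2].lower()

def spoof_signals(raw):
    """List the reasons a message's visible From cannot be trusted."""
    msg = message_from_string(raw)
    from_dom = domain(msg["From"])
    signals = []
    # The envelope sender and the reply target should match the From domain.
    for header in ("Return-Path", "Reply-To"):
        d = domain(msg[header])
        if d and d != from_dom:
            signals.append(f"{header} domain {d} differs from From domain {from_dom}")
    # Results recorded by the receiving server for SPF, DKIM and DMARC.
    auth = " ".join(msg.get_all("Authentication-Results") or []).lower()
    results = dict(re.findall(r"\b(spf|dkim|dmarc)=(\w+)", auth))
    for check in ("spf", "dkim", "dmarc"):
        if results.get(check) != "pass":
            signals.append(f"{check} result is {results.get(check, 'missing')}")
    # SPF passing for a different domain says nothing about the From address.
    m = re.search(r"smtp\.mailfrom=([\w.@-]+)", auth)
    if m and m.group(1).rpartition("@")[2] != from_dom:
        signals.append("spf was evaluated for a domain other than From")
    return signals

if __name__ == "__main__":
    for line in spoof_signals(SAMPLE):
        print(line)
```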