Hacking Protection

[JayDee]

Hey guys, I just wanna share something with you to see if someone can help me because I am frustrated. My facebook and instagram account were hacked for the 4th time this month. When it first happened, I created a new hotmail account and linked it with both my facebook and instagram profiles because my original hotmail was also hacked. 2 step verification was enabled for both social media accounts but still didn't protect me. After the second and the third time, I became convinced that someone had access to my phone or laptop so I resetted both of them. After each hack I recover my accounts using my phone number. Last night was the fourth time so instead of recovering and re-use them I recovered and deleted both social media accounts. Can someone please help give me some advise on what I can do to protect myself in case I created new social media accounts or reactivated my already existing ones ?

 

Thank you

[xkryptonx]

There was a time when some hacker had a crush on me and hack the crap out of every device i owe. Since the hacker is such a sweat heart, and i do know what to do in this case i just sit there and watch what they were capable of doing. All i know was that particular person was trying their best to impress me with their hacking skill.. Seriously i was impressed.  When my uncle know what was happening he advised:

 

 

1. Change your IP Address.
2. Change your Wifi MAC address
3. In some cases, hacker use phishing attempts and that is how they steal/hack your credentials. If you get some gaming request on social media prompting you play game and stuff and ask for your real credentials, be advised that is how they steal your credentials. Never use your credentials anywhere except your social media official login page.
4. Password protect all your device(s)
5. And Browser like google offers you to save your passwords for easy login. Anyone can peek into that and steal your credentials. So better password protect your device. BIOS if possible and better write download the password and keep it in a safe place cz i dont know anyway to reset BIOS password in case it is forgotten/ Los
6. Use HTTPS everywhere; 
7. For FireFox:https://addons.mozilla.org/en-US/firefox/addon/https-everywhere/
8. For Chrome: https://chrome.google.com/webstore/detail/https-everywhere/gcbommkclmclpchllfjekcdonpmejbdp
9. https://en.wikipedia.org/wiki/Phishing
10. Change the password of all your mail accounts if possible cz mostly likely they too pose a threat .Hope that helps. 

 

Since this is a very interesting thread i will be keeping an eye on it. BTW, Phishing attempt is most likely the case they steal your credentials cz in my case i open a malicious link and that is how my entire system was hacked.  So stay away from it.

 

EDIT:

 

And use a good security solution Such as 'Kaspersky Internet Security" You can download, install, and activate by following the instruction given here. And never turn off your security suite while surfing online.

 

[funkyy]

JayDee, ask yourself the obvious question...do you REALLY need social media like Facebook and Instagram?

I don't understand the obsession that many people have with the need to put their private/personal details out there.

I'm not getting at you personally amigo, it's just that I think that people in general get carried away on social media and forget just how

much information they are tempting these hackers with.

Anyway, I hope you can get your accounts secured again using the tips that xkryptonx (above) has suggested....

.....and NEVER EVER click on a tempting link!!!

 

[UpGrade]

In addition to xkryptonx's advice above, I would completely format your machine and any devices you have including phones. then once this is complete change passwords on all accounts or create new ones.

Check your email addresses for recovery options to make sure they have not been changed to the attackers address / number.

 

I would also change you telephone number as its possible to clone old GSM sim cards.

 

No Security solution that you install locally to your machine will stop your online accounts from being hacked.

 

You need stronger password entropy!

What you need to do is choose a stronger password and use different passwords for all accounts.

Passphrases are actually much more secure as spaces will increase the password entropy dramatically.

an example would be:

this is a strong password

 

That is a 25 character passphrase, 16 characters is considered secure nowadays, you will hear from different sources the 8, 10 or even 12 characters is secure however, that is not exactly accurate, you can still have a password with strong entropy at this length but more length is still better, even if there is no complexity! Using "this is a strong password" for example would be more secure than something like: P@$$word.

 

P@$$word would take 3 hours to brute force where as "this is a strong password" would take about 169 SEXTILLION YEARS to crack!

 

You can check how good your passwords / passphrases are by using https://howsecureismypassword.net

 

Another thing to remember is not to store passwords anywhere other than a secure an encrypted password manager!

Some good ones are Lastpass, Keepass, 1Password, Dashlane. This way you only have to remember one passphrase (for logging to the manager and the rest are stored securely for you..

 

You should also turn on Multi Factor Authentication (MFA) where possible. Previously know as 2 Factor Authentication (2FA). MFA will add an extra layer of security to your accounts and you will need a physical device (eg your phone) to log in after you enter password a code will be availably only on your device, there are different ways this can be performed (SMS code, email, In-app code, Authenticator App).

Do not use SMS as this is not secure i would recommend using and authenticator app, this is the most secure way and allows you to authenticate multiple accounts all from one app.

You can check sites that have MFA available here: https://twofactorauth.org/

 

If you require more information or any help just let me know happy to explain more. Just don't have the time at this moment.

 

PS. I also agree 1000000% with funkyy If you must have a social account do not post anything personal on there AT ALL!  I have social accounts for various reason but i hate them i never post an i never upload pics of myself or children, family, friends.

The internet is a dangerous place i think its reckless to share pictures of your children or any people you care about and any information about yourself or them.

Keep your social media, social and not personal.

[nIGHT]

Whether social media is vital to your life or just some time waster fun thing for you is up to your choice and not us.
Personally, I think what we should offer are good options, advises, software tools and knowledge so you can mitigate your situation of being hacked again for the nth time.

If you are using FREE WIFI of your neighbor (lol), in the mall, or in a cafe or fast food store then be sure to use vpn as a MITM (Man in the middle) attack can read and get your "plain text" username name and password sent whenever you login to a non HTTPS complaint site. Only just a few years ago, where firefox and google made a stand to force site owners to implement full HTTPS and willl no longer opened site pages with insecure content so no one will exposed their username and password again to MITM attacks,

If you are using pc/laptop in a net cafe or in the office be sure not to choose the option to save you username and password in that computer as others can easily get it. Please be careful using these cafe/public pc/laptop even if  you think that pc/laptop does not have any keyloggers installed in the main OS, in the browser or as part of the monitoring software system installed to every pc/laptop so they can monitor users not to browse any porn sites on that premises. Yes, pc/laptop monitoring software main server can see everything you see on your monitor and they can see what you typed in there including your typed site address, username and password.

Keyloggers are sometimes part of a malwares "data gathering" features. lol! so @xkryptonxadvise above to have a good anti AV/anti malware software is applicable too. Also, the easiest ways to get malwares which might contains keylogger or data gathering features accessing your browser cookies, is to click on tempting links as @funkyy noted above. If you really must do then learn to use a vm to surf under that system whenever you want to have a "happy time" so it can at least limit your exposure and data theft to minimun, but remember you are not totally protected as there are some advance malwares that can bypass it too.  I usually have many OSes in vm where each one has its own purpose like for banking, "happy time" or for work.
Whenever I engage in dangerous activities like software testing or accessing "happy time" sites I do it in there so that after I finished it I just "reset" it to the last saved uninfected state. I tried to stay away from using too much jargons since I do not know how proficient are you with computers and software.

Also, other forum sites or social sites just logged usernames, password and other details in an unencrypted fields of database. Those using a more latest versions already implemented encryption on sensitive user profiles and passwords although admins can break it and have a look at it too. So, please do use different email, username and password for every forum sites and social media sites you are signed in or want to sign in. Just record it in a password manager as advised by @UpGrade above and try to store it in many places so you can remember it. Please note that emails on other forums also serves as username too.

Just as I was taking a break now by making my coffee, I remember that your gov't might be like China gov't too which eavesdrops on their citizen by using script injection. Hell, even those who lived outside china territory the moment they visit BAIDU, weibo or alibaba.com their pages are added with script injection so the china gov't can spy on what you are doing and sharing. Good luck if you have this as they can block most vpn, but not all. Just be careful on how you find a way around it.

Also, going back to malwares, downloading "legit" software from other sources other than trusted ones and shared by trusted people can include additional package that can install a "backdoor" to your system. besides these, your system might have open ports were hackers can find a way to remote execute a "package" sent to a OS system/software installed having "vulnerabilities" still left un-patched.

Lastly, although it is "none" of our business to tell you if you really need social media but please consider the advise of @funkyy

and @xkryptonxabove. Do not share any of your personal information on the net, real life credentials and gaming/account credentials as having knowledge on the statuses of your account like in gaming the level, buids, stats, golds, inventory, etc are enough for some admins to consider that as enough evidence that account are yours.

Good luck. Feel free to ask questions further covering this topic.
Anyone of us here will try their best to help you out on their free time.

 

[Arachnoid]

My advice is to move away from hotmail for your email. 

[JayDee]

Hello guys, I just wanna say thank you for your help. I read what you advised me to do very carefully and applied it. I re-activated my social media account and linked them with a newly created Gmail account. I am using Google Authenticator for Gmail, Facebook and Instagram.

[UpGrade]

1 hour ago, JayDee said:

Hello guys, I just wanna say thank you for your help. I read what you advised me to do very carefully and applied it. I re-activated my social media account and linked them with a newly created Gmail account. I am using Google Authenticator for Gmail, Facebook and Instagram.

Great stuff, if you run into any more issues please let us know, would be happy to advise on anything you need!

[Arachnoid]

Don't forget to let the NSA know your new email so they can keep tabs on it 

[duddy]

On 3/9/2020 at 12:30 AM, UpGrade said:

In addition to xkryptonx's advice above, I would completely format your machine and any devices you have including phones. then once this is complete change passwords on all accounts or create new ones.

Check your email addresses for recovery options to make sure they have not been changed to the attackers address / number.

 

I would also change you telephone number as its possible to clone old GSM sim cards.

 

No Security solution that you install locally to your machine will stop your online accounts from being hacked.

 

You need stronger password entropy!

What you need to do is choose a stronger password and use different passwords for all accounts.

Passphrases are actually much more secure as spaces will increase the password entropy dramatically.

an example would be:

this is a strong password

 

That is a 25 character passphrase, 16 characters is considered secure nowadays, you will hear from different sources the 8, 10 or even 12 characters is secure however, that is not exactly accurate, you can still have a password with strong entropy at this length but more length is still better, even if there is no complexity! Using "this is a strong password" for example would be more secure than something like: P@$$word.

 

P@$$word would take 3 hours to brute force where as "this is a strong password" would take about 169 SEXTILLION YEARS to crack!

 

You can check how good your passwords / passphrases are by using https://howsecureismypassword.net

 

Another thing to remember is not to store passwords anywhere other than a secure an encrypted password manager!

Some good ones are Lastpass, Keepass, 1Password, Dashlane. This way you only have to remember one passphrase (for logging to the manager and the rest are stored securely for you..

 

You should also turn on Multi Factor Authentication (MFA) where possible. Previously know as 2 Factor Authentication (2FA). MFA will add an extra layer of security to your accounts and you will need a physical device (eg your phone) to log in after you enter password a code will be availably only on your device, there are different ways this can be performed (SMS code, email, In-app code, Authenticator App).

Do not use SMS as this is not secure i would recommend using and authenticator app, this is the most secure way and allows you to authenticate multiple accounts all from one app.

You can check sites that have MFA available here: https://twofactorauth.org/

 

If you require more information or any help just let me know happy to explain more. Just don't have the time at this moment.

 

PS. I also agree 1000000% with funkyy If you must have a social account do not post anything personal on there AT ALL!  I have social accounts for various reason but i hate them i never post an i never upload pics of myself or children, family, friends.

The internet is a dangerous place i think its reckless to share pictures of your children or any people you care about and any information about yourself or them.

Keep your social media, social and not personal.

 

You are genius bro.

Very good information out here.

Thanks @UpGrade for sharing it with fellow colleagues here. 

[E1uSiv3]

On 3/9/2020 at 2:08 PM, nIGHT said:

Just as I was taking a break now by making my coffee, I remember that your gov't might be like China gov't too which eavesdrops on their citizen by using script injection. Hell, even those who lived outside china territory the moment they visit BAIDU, weibo or alibaba.com their pages are added with script injection so the china gov't can spy on what you are doing and sharing. Good luck if you have this as they can block most vpn, but not all. Just be careful on how you find a way around it.

 

I think you forgot to mention about USA's NSA. In my opinion they are much more advanced as for as snooping of citizens is concerned. I will suggest you to watch documentary "Citizenfour" concerning Edward Snowden. You may also check wikileaks for more information on NSA snooping network.