The Rolex Forums   The Rolex Watch

Old 20 March 2016, 12:14 PM   #31
rollthedice
"TRF" Member
 
Join Date: Dec 2015
Real Name: Chris
Location: All over
Posts: 65
Quote:
Originally Posted by subtona View Post
if someone can access information by entering a password we are vulnerable. even in 2 step verification, it is only a bandaid.

once upon a time your Birthday, SS # & Mother's Maiden Name served as the keys to protecting your data security, after a few years that very information was on everyone's database and has become widely available to hackers.
The second you enter your next level security, the information is stored on another piece or pieces of hardware for someone to hack, it is a horrific spiral.

ultimately our habitual and mindful security practice may be our best defense but the world is changing so fast without govt protections being put in place (the US govt (I suspect the others as well) has their own agenda for our privacy)

i am no expert, i have only maintained an acute awareness of the evolution of technology and its pitfalls since my palm pilot days. my friends know me as the guy they laughed at for putting a post it note on the computer camera… years later they all have their cameras covered.

since you're in IT security, i welcome any information that would provide a level of comfort and security. i frequently speak with a good friend who has a leading role in IT security for big banks, it is a daunting task to say the least


most importantly, i do not think i would ever be comfortable stacking all my passwords on a cloud based 3rd party site where i am certain they have a hackers crosshairs on them or maybe even funded by a hacker group or govt 4th party.

that's why I said local based not third party hosted, 1password is all local on your computer only. No internet conn required
rollthedice is offline   Reply With Quote
Old 20 March 2016, 12:45 PM   #32
subtona
"TRF" Member
 
Join Date: Jan 2011
Real Name: gus
Location: East Coast
Watch: APK & sometimes Y
Posts: 26,054
Quote:
Originally Posted by rollthedice View Post
that's why I said local based not third party hosted, 1password is all local on your computer only. No internet conn required
Thank you for clarification I did miss that relevant detail.
__________________
subtona is online now   Reply With Quote
Old 21 March 2016, 05:55 PM   #33
rouxeny
"TRF" Member
 
Join Date: Oct 2013
Real Name: Andrew
Location: Maui
Posts: 686
Another vote for 1Password. It works pretty well, and is relatively easy to use across your devices.

It's definitely not as easy as having an easy-to-remember password, but I suppose that's the point.

Also, on Apple devices, you could enable the Keychain functionality. I have only used it sparingly, but it seems to be very easy to use. I'd say less kludgy than 1Password.
rouxeny is offline   Reply With Quote
Old 21 March 2016, 08:24 PM   #34
DCgator
"TRF" Member
 
Join Date: Jul 2010
Location: PNW
Watch: DS,BLNR,SubLV,DJ2
Posts: 8,123
Sorry to hear, Doc. I hope it all gets squared away soonest.
DCgator is offline   Reply With Quote
Old 23 March 2016, 12:52 AM   #35
ocabj
"TRF" Member
 
Join Date: Nov 2013
Real Name: Jonathan Ocab
Location: Riverside, CA
Watch: 116710BLNR
Posts: 279
Turn on multi-factor authentication for any service you are on that offers it (e.g. BofA, Facebook, Twitter, Google, etc).

To mitigate any service that does not offer multi-factor, also use LastPass (with multi-factor to protect the LP vault), and use long randomly generated passwords which you change on a regular basis (e.g. once a month).

Use Duo Security (free for personal use) if you have your own applications (e.g. self hosted web applications with authentication) that you want to enable multi-factor on.

Get Yubikey(s) as a supplement to your phone for multi-factor device/token.
__________________
They took my rings, they took my Rolex. I looked at the brotha said, "Damn, what's next?"
ocabj is offline   Reply With Quote
Old 29 March 2016, 09:27 AM   #36
joeychitwood
"TRF" Member
 
Join Date: Oct 2009
Location: Way Up North USA
Watch: Rolexes & Tudors
Posts: 6,361
I discovered what happened. I received a letter from Best Buy stating my application for a platinum Best Buy credit card had been turned down because they could not access my credit report. Though mailed to my address, the name on the letter was not mine.

I went on Facebook and looked up the named person. He was from India and his name was quite unique. His FB posts all dealt with information about hacking. I sent him a message and let him know he would not be getting his credit card.

Unbelievably, he replied and stated that a file I had posted on my supposedly secure server had been posted on several hacker websites. The file contained online passwords in case I needed them while traveling. I had deleted the file immediately upon discovering that I was hacked, but he sent me a link to the Google cached file which showed that the entire document is still available on the web. He assumed many different hackers attempted to compromise my accounts. He admitted to trying to obtain a Best Buy credit card!

I immediately contacted my web hosting support team. They advised me that Google bots cruise the web looking for any files that might contain sensitive information. Though the servers are secure, the bots can apparently still access the files if they are web accessible. They can be protected somewhat by passwords or by loading them to an FTP site, but I made the mistake of assuming that a secure server was secure.

I've changed every single username and password on every site where I do business. But beware, the hackers are smarter than many of us, certainly smarter than I am, and they will exploit any flaw in your personal security. Though very upset by the hacker in India for trying to steal my identity, I do appreciate him telling me how this all happened.

Now I have to find out if I can have a cached web page removed from the web altogether.
joeychitwood is offline   Reply With Quote
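
Added example, not part of the original thread: post #36 describes a password file that sat in a web-accessible directory and was picked up by a crawler. The sketch below audits a web document root for files containing credential-like lines that no `.htaccess` password rule covers. The Apache-style `.htaccess` layout, the regex heuristics and the sample files are assumptions made for illustration, and authentication configured at server level is not detected.

```python
import os
import re

# Heuristic for lines such as "bank password: ..." or "login = ..."
CRED_LINE = re.compile(r"(?i)\b(pass(word|wd)?|pwd|login|username)\b\s*[:=]\s*\S+")
# Assumption: access control is set per directory with an AuthType directive
AUTH_RULE = re.compile(r"(?im)^\s*AuthType\s+\S+")

def protected_by_htaccess(path, docroot):
    """True if an .htaccess between the file and docroot sets AuthType."""
    root = os.path.abspath(docroot)
    d = os.path.dirname(os.path.abspath(path))
    while True:
        ht = os.path.join(d, ".htaccess")
        if os.path.isfile(ht):
            with open(ht, errors="ignore") as fh:
                if AUTH_RULE.search(fh.read()):
                    return True
        if d == root or d == os.path.dirname(d):
            return False
        d = os.path.dirname(d)

def audit_docroot(docroot, max_bytes=1_000_000):
    """Return [(relative_path, credential_like_lines)] for unprotected files."""
    findings = []
    for dirpath, _dirs, files in os.walk(docroot):
        for name in files:
            path = os.path.join(dirpath, name)
            if name.startswith(".ht") or os.path.getsize(path) > max_bytes:
                continue
            with open(path, errors="ignore") as fh:
                hits = sum(1 for line in fh if CRED_LINE.search(line))
            if hits and not protected_by_htaccess(path, docroot):
                findings.append((os.path.relpath(path, docroot), hits))
    return sorted(findings)

def build_sample(root):
    """Constructed sample tree; every value in it is made up."""
    os.makedirs(os.path.join(root, "private"))
    samples = {
        "index.html": "<h1>Welcome</h1>\n",
        "travel-notes.txt": "login: traveller\nbank password: example-not-real\n",
        "private/.htaccess": "AuthType Basic\nRequire valid-user\n",
        "private/notes.txt": "email password: example-not-real\n",
    }
    for rel, text in samples.items():
        with open(os.path.join(root, rel), "w") as fh:
            fh.write(text)
```

Run `audit_docroot()` against the directory the web server actually serves; any file it lists should be moved out of the document root, since deleting it later does not remove copies already crawled or cached.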
Old 29 March 2016, 09:59 AM   #37
ronin_ph
"TRF" Member
 
Join Date: Feb 2015
Posts: 911
Man. That's a crazy story. Good luck getting it sorted out.

This is part of the reason I don't use cloud, third-party anything.


Sent from my iPhone using Tapatalk
ronin_ph is offline   Reply With Quote
Old 29 March 2016, 11:58 AM   #38
bdex75
"TRF" Member
 
Join Date: Jul 2011
Real Name: Brandon
Location: Indianapolis
Watch: my money vanish
Posts: 8,506
I had my identity stolen 2 times. Mainly opening credit accounts in my name and running up thousands of dollars in charges.

Alerted all of the bureaus and the second time they really got nowhere.

Knowing your accounts and attacking them is a little disturbing.


Sent from my iPhone using Tapatalk
bdex75 is offline   Reply With Quote
Old 29 March 2016, 12:41 PM   #39
Abdullah71601
Banned
 
Join Date: Aug 2014
Location: Calumet Harbor
Watch: ing da Bears
Posts: 13,568
Quote:
Originally Posted by joeychitwood View Post
I discovered what happened. I received a letter from Best Buy stating my application for a platinum Best Buy credit card had been turned down because they could not access my credit report. Though mailed to my address, the name on the letter was not mine.

I went on Facebook and looked up the named person. He was from India and his name was quite unique. His FB posts all dealt with information about hacking. I sent him a message and let him know he would not be getting his credit card.

Unbelievably, he replied and stated that a file I had posted on my supposedly secure server had been posted on several hacker websites. The file contained online passwords in case I needed them while traveling. I had deleted the file immediately upon discovering that I was hacked, but he sent me a link to the Google cached file which showed that the entire document is still available on the web. He assumed many different hackers attempted to compromise my accounts. He admitted to trying to obtain a Best Buy credit card!

I immediately contacted my web hosting support team. They advised me that Google bots cruise the web looking for any files that might contain sensitive information. Though the servers are secure, the bots can apparently still access the files if they are web accessible. They can be protected somewhat by passwords or by loading them to an FTP site, but I made the mistake of assuming that a secure server was secure.

I've changed every single username and password on every site where I do business. But beware, the hackers are smarter than many of us, certainly smarter than I am, and they will exploit any flaw in your personal security. Though very upset by the hacker in India for trying to steal my identity, I do appreciate him telling me how this all happened.

Now I have to find out if I can have a cached web page removed from the web altogether.
I think we're all better off with a little black book for our access credentials. Someone needs to be in your physical space to steal your book. Whereas anything electronic will always be vulnerable.

I hope you get this sorted soon. It's a 16 ton weight on your shoulders until you get it resolved.
Abdullah71601 is offline   Reply With Quote
Old 29 March 2016, 12:57 PM   #40
Dr. Prunesquallor
"TRF" Member
 
Join Date: Dec 2015
Real Name: Kent
Location: Texas, U.S.A.
Posts: 607
Quote:
Originally Posted by Highland Ranger View Post
I invested in a VPN for the home office. Whenever I travel I connect phone and PC to the VPN. Routes all traffic thru encrypted tunnel thru office - no hacking.

Sent from my Nexus 6P using Tapatalk


I need to do exactly that. Did you research VPN providers and reach any conclusions?
__________________
"Bond reflected that good Americans were fine people and that most of them seemed to come from Texas."
-Ian Fleming, Casino Royale
Rolex Sea-Dweller 126600 | Omega Seamaster 300 MC | Breitling Navi 01
Dr. Prunesquallor is offline   Reply With Quote
Old 29 March 2016, 02:57 PM   #41
Abdullah71601
Banned
 
Join Date: Aug 2014
Location: Calumet Harbor
Watch: ing da Bears
Posts: 13,568
Quote:
Originally Posted by Dr. Prunesquallor View Post
I need to do exactly that. Did you research VPN providers and reach any conclusions?
The VPN protects your current activity. It won't help if you store sensitive information on third party servers.

I've been using Witopia for all my personal business transactions for five years. It's worked well. But, I don't store any credentials or passwords anywhere (except a quirky unique one here), and I don't let Windows store any for me either.

I'm probably still vulnerable, but I think I'm a harder target than if I trusted third parties to keep me safe.
Abdullah71601 is offline   Reply With Quote
Copyright ©2004-2024, The Rolex Forums. All Rights Reserved.

Rolex is a registered trademark of ROLEX USA. The Rolex Forums is not affiliated with ROLEX USA in any way.