Question Coinbase and Amazon account hacked at same time?

DaronMal

Distinguished
I spent most of last night and all of today working on what happened and I still have no idea where it started or where they got in. So here's the story:

(TL;DR, 2 separate accounts hacked with 2FA and other measures, no notifications of attempted logins, please help!)

Part 1 - Amazon:
Going to bed, about to put my phone on the charger, I get a notification about a customer support agent responding to me on the Amazon app, which was confusing since I hadn't been using the app and definitely didn't start any support requests. When I opened it, someone else was talking to the support agent on my account, very clearly either in broken English or poor typing skills. They were discussing refunding or something akin to that, my thought was, if someone I don't know is in my account asking for a refund, it's not good for me. I told the support agent to stop and not to touch my account. I closed that discussion and opened one myself while I checked my order history. My order history had 4x $25 Amazon gift cards and 6x $10 Xbox gift cards purchased.

I talked to a customer support agent and managed to get them to refund the cards and cancel the orders, all of them besides 1 were cancelled and refunded. I figured the party was over, just have to go to bed and continue figuring out what happened the next morning, I was too tired and out of it at this point to think about any more. When I woke up the next day (today), there were texts for an Amazon login attempt, which I obviously didn't request. I opened a new support chat and told them to cancel and refund any orders made on my account on the 25th or 26th (I had not ordered anything personally, so I figured this is the best course of action), but still the single $10 Xbox gift card is stuck in there. I figured, on a long shot, I'd ask Microsoft/Xbox support to see where the code was redeemed, they couldn't help. I had Amazon lock my account, I changed my password using a password app that can generate randomized passwords, no chance someone can break in.

Then it dawned on me in the middle of the day. I take my security fairly seriously, how did they get into my account? I had 2FA using Google Authenticator, and it was tied to my main personal email and my phone. I never received a notification of a login attempt until the morning when I noticed it. No emails at all. I figured since I work from home, if I get downtime I'll begin a purge for my accounts, every single account I have in Chrome, go through each, disable/delete accounts if I don't need them and change passwords to randomized, stronger ones if I do. I did about 15 to 20 out of 350 before part 2.

Part 2 - Enter Coinbase:
I got an email from Coinbase, congratulating me on buying $500 in Bitcoin. Excuse me?! I do own Bitcoin and some other cryptos, but I didn't buy $500 worth! I had to put work on a brief hold and had a co-worker cover for me while I worked on this issue now. I opened a chat support with Coinbase and discussed with them, the conversation eventually ended with me telling them to just disable and lock the entire account after I changed my password. If some jerk is buying $500 in BTC on my account, they sure are NOT taking it off the damn account. With that done, now nobody, including me, should be able to access that account without verification (ID, selfie, etc.) So as I'm writing this, that is in process, 48-72 hours.

I called my bank as well to see what they could do. I spent almost 45 minutes on the phone with this guy going through charges, and he saved my bacon. He pointed out another $100 Amazon charge I didn't even do. My last actual purchase was $90, and it went through before this $100 purchase, so anything after that was fraudulent. I worked with him on next steps and eventually we're down to waiting for Coinbase and Amazon, but if this happens again, we may have to close my account and open a new one, because nobody knows how they got in. It's good to mention with Coinbase, I have 2FA on as well! Google Authenticator, email, and text, same as Amazon, the only reason I knew something was wrong was because I got an email about a purchase I didn't make.

Sorry for the rant, this has been stressful and it felt nice getting it all in text. To finish with, does anyone have any ideas of how they could have got into both accounts without setting off any alarms? Are they Jason Bourne? I did a full PC scan with Malwarebytes and Emsisoft Emergency Kit and made sure there's nothing on my PC, including rootkits, so I'm good I think. Does anyone have any idea how I can work into this without closing a bank account?


Thank you :)
 

COLGeek

Cybernaut
Moderator
I've never really thought to scan my phone, what are some utilities you'd recommend for an Android? It was all at home since I work from home, but I checked my network and don't see anything unusual.

I assume you have the Amazon app. Is there one for Coinbase?
 

Deleted member 14196

Guest
They must have a way to spoof your phone. Close your account and open a new one.

Wipe your PCs and your phone.
 

DaronMal

Distinguished
It's hard to tell right now still but I don't see any other way it could have gotten in without ringing any bells with like a normal brute force or data breach hack. The most recent thing I installed was that browser extension, and when it happened to me I told him to try it on a hunch and this morning he told me his Microsoft account was hacked as well.