Hello. I hope this is the right place to ask. An account of mine, with 2 step authentication that requires the application, was breached like few mins after i literally logged out. How could this happen? I mean there are literally no viruses and other suspect activity on my PC. Or was this just random and now hackers can simply breach this stuff with ease? Is there a way to prevent this kind of stuff or all users are exposed to this kind of attacks even if they have tons of security?
Account breach problem
- Thread starter NEOCROM
- Start date
CountMike
Titan
- Oct 31, 2015
- 35,164
- 3,659
- 147,990
Is it MS account ? Local account ? Online account ? Which kind is it ?
First thing to do is to change passwords and than check if it's really breached, often it's just phishing, you get message that it's breached and than they ask you to confirm by sending real data to "Fix it", then they use that data to really breech it and use for nefarious purposes,
Last edited:
- Mar 21, 2015
- 13,170
- 2,223
- 82,390
Contact the site/brand customer support and ask them.
2-way auth protects log-ins from outside of the service provider servers. But depending on which 2-way auth protocol they are using, it can be bypassed easily.
However, if the breach was internal (inside the service provider server), then it doesn't matter which security features your account has.
Having loads of security doesn't make the account breach proof. What it's purpose is, is to make account harder/more time consuming to breach, so that most black hats wouldn't bother to breach it.
So it doesn't matter if i have mobile number authentication, email too, key codes, or even 30-40 words and numbers password, the hacker can simply intercept the connection or bypass the security?
white.a.drew
Dignified
- Oct 14, 2017
- 4,385
- 404
- 16,390
Yes and no it's more or less if you have all of this in place and your being hacked. Your giving your info to the wrong people...... Basically is what's being said here.... No an account will never be hack proof. You can have a 300 letter password 8 form authentication..... But in the end if there is an internal breach with the account you are having a problem with nothing you do will help they have full access to everything it's a internal breach they control the website.... It could be your giving the wrong person info and they abusing the info.... Or it could be like someone else said where it's fishing..... They are telling your hacked so you send them the info for them to really hack you
- Mar 21, 2015
- 13,170
- 2,223
- 82,390
Like i said, there are two main avenues of an attack: external and internal.
To deter from external attack, account can have loads of security features. The more complex the features are to bypass, the less likely it is for hacker trying to bypass it. But no security ever is breach proof.
Internal attack is more likely and once hacker has breached the server, they have access to all accounts, regardless the security on individual account.
Here are some such breaches listed, among other relevant info,
link: https://www.kaspersky.com/resource-center/threats/what-is-a-security-breach
in an similar example: your front door can be as high security as it can be. E.g steel security door with several security locks + cameras. But if you have side window open or thief busts the window, then it doesn't matter how well secured your front door is.
Same is with accounts. They can have as high security as possible but when server is poorly secured, hackers go after server.
In recent history, Linus Tech Tips youtube channel was hacked and nuked. After the saga, Linus explains well about the security vulnerabilities and how it was done, despite him having 2-way auth in place, among other things. Video:
Last edited:
- Mar 21, 2015
- 13,170
- 2,223
- 82,390
Depends on what account you're talking about.
Not all accounts keep you logged-in forever, instead they have a timer, after which you're booted (logged-off automatically).
Other accounts require to check the box during log-in, usually "Remember me". Which then disables automatic log-off.
Then it depends on what device you use to log-in. Here, i discuss physical access to the device:
If it's your home desktop PC, what no other 3rd party can access without you knowing, it would be quite safe to stay logged-in. Especially when you use cable internet and not wi-fi connection.
If it's your laptop, it has higher security risk since that can be easily stolen, due to portability. Also, using public wi-fi is terrible idea.
But mobile phone has worst security, since those can be lost or stolen very easily.
Not all accounts keep you logged-in forever, instead they have a timer, after which you're booted (logged-off automatically).
Other accounts require to check the box during log-in, usually "Remember me". Which then disables automatic log-off.
Then it depends on what device you use to log-in. Here, i discuss physical access to the device:
If it's your home desktop PC, what no other 3rd party can access without you knowing, it would be quite safe to stay logged-in. Especially when you use cable internet and not wi-fi connection.
If it's your laptop, it has higher security risk since that can be easily stolen, due to portability. Also, using public wi-fi is terrible idea.
But mobile phone has worst security, since those can be lost or stolen very easily.
Ubisoft account. And i was home. Entered account to check something, then like 15-20 mins later i received an e-mail with suspect activity. I've entered fast, changed password, but i've noticed meantine my ubisoft units were spent for discount.
- Mar 21, 2015
- 13,170
- 2,223
- 82,390
While i do have Ubisoft account too (some Steam games require it, which IMO is BS), i haven't used mine for a long time, nor i have anything valuable on it. With this, i don't know what the latest state of Ubisoft and it's accounts are. But quick Google search showed it being quite bad. Ubisoft servers have been breached several times.
Here, i suggest not holding anything valuable on your account, since when another breach happens, you may loose some/all of it. Best option is not to use that poor service at all.
Here, i suggest not holding anything valuable on your account, since when another breach happens, you may loose some/all of it. Best option is not to use that poor service at all.
Then how can i play ubisoft games if i'm not using ubisoft service, like uplay? I even sent them a ticket and asked them to recover my lost units, still no answer. Seems they little care about this since it's their fault in the first place.
- Mar 21, 2015
- 13,170
- 2,223
- 82,390
Yeah, that's the downside of this situation.
You've gotten plenty of info about your situation and in the end, it's up to you to decide, if you want to continue using it or not.
TRENDING THREADS
-
-
News Bill Gates says Intel has lost its way, hints that 'brave' Pat Gelsinger exited too soon- Started by Admin
- Replies: 46
-
Review Nvidia GeForce RTX 5080 Founders Edition review: Incremental gains over the previous generation
- Started by Admin
- Replies: 224
-
Question Help find Cybenetics report for be quiet! Straight Power 12
- Started by Elliah246
- Replies: 13
-
Discussion What's your favourite video game you've been playing?- Started by amdfangirl
- Replies: 4K
Latest posts
-
-
-
Question How to get rid of Norton and McAfee popups?
- Latest: ohio_buckeye
-
-
Facebook
Twitter
Instagram