Look, I consider myself decently tech savvy, I don't download suspicious torrents, open emails telling me I won a million dollars or go on phishing sites. Hear me out.
Both my email and a gaming account I use got hacked, they share the same email but different passwords. I'm a bit lost as to how it happened.
27 Oct 6pm received a “verification code” email from the game, the contents of the email is really basic and just says “verification code xxxx” doesn’t say what its for (ie password reset/email change/2fa code). I did not see this email until the next day as I don’t have push notifications for my email. I know the game has 2fa so it could've been a 2fa code, but they would've needed another verification to change my email on the account ( I know this is the case because I tested it on a new account I made), which makes me think they bypassed the 2fa? I guess its possible right?
When I woke up, I was logged out. I attempted to login to my game but I wasn’t able to, then I found out my email was not registered anymore. When I checked the deleted folder in my email it was when I noticed the above email. The email was ‘read’ and deleted, I obviously knew it wasn’t me as I didn't even check my email then.
Of course since then I’ve changed my passwords, added more security, did virus scans etc. But what I’m confused about is:
I should also add that on the same day 28 Oct, I scoured the internet and was able to find my account on sale. The next day the seller actually took down the ad and I was not able to find another ad for my account.
Any insight would be appreciated so I can stop this from happening again!
Both my email and a gaming account I use got hacked, they share the same email but different passwords. I'm a bit lost as to how it happened.
27 Oct 6pm received a “verification code” email from the game, the contents of the email is really basic and just says “verification code xxxx” doesn’t say what its for (ie password reset/email change/2fa code). I did not see this email until the next day as I don’t have push notifications for my email. I know the game has 2fa so it could've been a 2fa code, but they would've needed another verification to change my email on the account ( I know this is the case because I tested it on a new account I made), which makes me think they bypassed the 2fa? I guess its possible right?
When I woke up, I was logged out. I attempted to login to my game but I wasn’t able to, then I found out my email was not registered anymore. When I checked the deleted folder in my email it was when I noticed the above email. The email was ‘read’ and deleted, I obviously knew it wasn’t me as I didn't even check my email then.
Of course since then I’ve changed my passwords, added more security, did virus scans etc. But what I’m confused about is:
- My email and game have 2 different passwords, it would’ve been really unlikely that they were able to get 2 different passwords? I thought it could’ve been malware but I’ve scanned my PC using a few anti viruses that came up with nothing, I also did a scan a few days back and didn’t get anything.
- Gaining access to my games account seemed like that was their only goal. It was an outlook account that has a feature to retrieve emails that were deleted from the deleted folder, and that was the only email that was there, no other 2fa was triggered. I figured if it was really malware they would’ve done more than just gain access to my game? I checked my other accounts/social media/paypal etc to see “last login location” and didn’t see anything suspicious anywhere
- My other assumption was that they gained access to my email first but how would they have known that the email was registered to the game? My characters name is not the same as my email nor does the game feature your email anywhere. If they were trying to gain access to my email as an initial goal, I feel like they would’ve done more harm instead of just getting a gaming account.
I should also add that on the same day 28 Oct, I scoured the internet and was able to find my account on sale. The next day the seller actually took down the ad and I was not able to find another ad for my account.
Any insight would be appreciated so I can stop this from happening again!
Last edited: