How Safe are Your Passwords?
(Tip: Everyone should look into their email filters, use a password manager and change their passwords often.)
Do you allow your web browser(s) to store your online passwords? Do you log into websites, such as Gmail, Hotmail, Outlook, YaHoo, and etc., without entering your username and/or password? If so, then you may be at risk for someone gaining access to your personal information. Our Email accounts generally provide links to other valuable accounts, such as our online banking, our Amazon account or other online shopping sites, and they usually contain records of communication with friends, family members, and work colleagues. So it's important that we try to protect this information as best as we can.
Recently billions of emails and passwords were leaked online and may have contained information on your Gmail, Hotmail, Outlook, and Yahoo email accounts. On February 2, 2021 COMB was leaked on a popular hacking forum. According to Cybernews, they were "approximately 200 million Gmail addresses and 450 million Yahoo email addresses in the COMB data leak."
More than 20,000 U.S organizations were compromised through a backdoor security flaw in Microsoft's email software (Outlook). Just recently 3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails. The Internal Revenue Service (IRS), Department of Justice (DOJ), Social Security Administration (SSA), Untied States Postal Service (USPS), and other goverenment agencies were affected in this leak.
Before you go into panic mode, check to see if your email was posted to the dark web or other online hacker forums. Below are eight websites that you can use to check if your email was posted on the dark web.
Recently billions of emails and passwords were leaked online and may have contained information on your Gmail, Hotmail, Outlook, and Yahoo email accounts. On February 2, 2021 COMB was leaked on a popular hacking forum. According to Cybernews, they were "approximately 200 million Gmail addresses and 450 million Yahoo email addresses in the COMB data leak."
More than 20,000 U.S organizations were compromised through a backdoor security flaw in Microsoft's email software (Outlook). Just recently 3.2 Billion Leaked Passwords Contain 1.5 Million Records with Government Emails. The Internal Revenue Service (IRS), Department of Justice (DOJ), Social Security Administration (SSA), Untied States Postal Service (USPS), and other goverenment agencies were affected in this leak.
Before you go into panic mode, check to see if your email was posted to the dark web or other online hacker forums. Below are eight websites that you can use to check if your email was posted on the dark web.
How to Secure Your Gmail Account
The first thing you need to do if you discover that your email (Gmail) has been compromised is to open your browser(s) and look at all the devices you are signed in. I have four computers that I get online with. I have two old desktop computers and two old laptops. I use my Linux desktop and Linux HP-ProBook laptop as my main computers. My Windows desktop is used as my main Plex Media Server and my old Linux HP-Pavilion is used to test Linux software or open source software to help me collect information to add to this website.
"You can see computers, phones, and other devices that are currently using or have recently used your Google Account. You can check this info to make sure no one else has signed in to your account." Open your Google Chrome web browser and enter: http://google.com/devices
"You can see computers, phones, and other devices that are currently using or have recently used your Google Account. You can check this info to make sure no one else has signed in to your account." Open your Google Chrome web browser and enter: http://google.com/devices
I did find two devices that was connected to my account that I didn't recognize. I clicked the More details link to gather more information about the device.
Neither of the two devices contained my IP address, so I clicked the three dots in the upper right and selected "Sign out" If you don't know your IP address then open a browser and go to: https://whatismyipaddress.com/ (Don't share your IP address with anyone. Criminals can use your IP address to impersonate you or steal your personal information.)
Usually, online criminals use software that allows them to change the name of the device and they use a VPN or Tor network to hide their true IP address. So don't trust the device name or IP address for a device you don't recognize.
Next, go into the Manage app access by entering the following: https://myaccount.google.com/permissions Turn off the feature next to Google Account sign-in prompts. We no longer want third-party sites to store our Google account username and password.
Next, go into your Google Account Settings (https://passwords.google.com/options?ep=1) and turn off Offer to save passwords and Auto sign-in. I recommend that you turn on Password alerts to inform you via email if Google finds your email address online. I recommend that you Export passwords so that you'll have a record of all your saved usernames and passwords before deleting them from your browser.
Next, I recommend that you run Google's Password Checkup Tool. Open your Chrome web browser and make sure you're logged into your Google account. Then go to: https://passwords.google.com/ If you have any compromised passwords they will displayed first and then you will see any websites that have passwords that are reused and finally you'll see number of sites that have weak passwords.
Click the drop-down arrow to the right of your compromised passwords and take note at the places that need new account passwords. DO NOT change your passwords and save them back into your Chrome browser. I recommend using a website like Secure Password Generator to create a new password for each of your online accounts. I recommend using a password length of 16 characters and include symbols, numbers, lowercase and uppercase characters, and exclude using similar characters. Click the Generate Password button to generate your new password. It will also generate a line to help you remember your password.
I spent several days changing all my passwords to all my online accounts. However, the most important passwords that needed changing were the compromised passwords and then the reused passwords. As I already mentioned, DO NOT store or save your new passwords in your browser or any browser on your system. I highly recommend that you use a password manager like Bitwarden.
Below are some videos from YouTube that will help you understand how to use Bitwarden.
Bitwarden also has a built in password generator to help you create a unique and secure password.
After you remove all of the saved passwords in your Chrome browser then go back to: passwords.google.com to make sure you don't have any passwords saved.
Next, enter chrome://settings/ in your Chrome browser. You can completely Turn off syncing your account when you log in or you can click the right arrow next to Manage what you sync and control what you sync. I allow syncing of my bookmarks, extensions, settings, theme, and open tabs. I make sure that Passwords, Addresses and more, and Payment methods and addresses using Google Play are turned off. I don't have any passwords, addresses, and/or payments stored in my browser, but it's still a good idea to turn them off just to be on the safe side.
Don't exit your Settings just yet. Click on Privacy and security on the left of Chrome.
Locate the Autofill section and then click on the right arrow to the left of Passwords and delete or remove any saved passwords in Chrome. Then go back and remove all Payment methods and Addresses and more. This information will be placed in your password manger for safe keeping.
Locate Privacy and security and go down each section one at a time clearing out your information within the Clear browsing data and Cookies and other site data. Then make the adjustments to meet your surfing needs within the Security and Site Settings section.
Now locate the Safety check section and click the Check now button.
When it completes the scan it will generate a report. Everything looked good after making all those changes. I liked the fact that Chrome scanned my extensions to let me know if I had any harmful extensions installed.
Now make sure that you have the Bitwarden password manager extension installed. I also recommend that you use the uBlock Origin ad blocker, Poper Blocker to remove those annoying pop-ups on websites, Privacy Badger to block online trackers (even the invisible trackers), and HTTPS Everywhere to ensure that you connect to secure websites and that your data is encrpyted when possible.
Here's are the links to the recommended Chrome extensions:
I recommend that you uninstall or remove any extensions that you do not use or need. Please take a few minutes to read an online article called, Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them. I once had an extension called Video Downloader professional that started out as a good and reputable extension, but eventually became modified to contain malware. I was prompted to remove the extension when it updated to the infected extension. While you're still in your Settings, I recommend that you click on Extensions in the lower left to allow you to see all the extensions you have installed.
Here's are the links to the recommended Chrome extensions:
I recommend that you uninstall or remove any extensions that you do not use or need. Please take a few minutes to read an online article called, Browser Extensions Are a Privacy Nightmare: Stop Using So Many of Them. I once had an extension called Video Downloader professional that started out as a good and reputable extension, but eventually became modified to contain malware. I was prompted to remove the extension when it updated to the infected extension. While you're still in your Settings, I recommend that you click on Extensions in the lower left to allow you to see all the extensions you have installed.
|
|
Click the Details of each extension and notice if it has been updated in the past year.
You can then scroll downand click View in Chrome Web Store to view each extension in the web store to see when it was last updated.
Look for the Additional Information section and look at the date the extension was last updated. It is currently June 9, 2021 and the Bitwarden extension was updated May 31, 2021, so it was updated nine days ago. If you notice that an extension hasn't been updated in a long time then I recommend that you remove it from your browser. It was probably abandoned and will no longer receive security updates.
Scan Your Computer for Threats
If your account was hacked then I highly recommend that you scan your computer for infected files. You might have a keylogger, dangerous malware, or computer virus on your system waiting to do additional harm. If you use a Linux computer then I recommend that you scan your entire system with Clamscan Antivirus. If you use Windows, Mac/iOS, or Android then I recommend that you download and install Malwarebytes and/or Malwarebytes Anti-Rootkit and then update the definition files and then do a complete scan of your system. Then I recommend that you scan your system with a free online virus scanner like Trend Micro HouseCall. If it finds anything then delete them or quarantine them. Make sure you scan your system until it no longer finds any infected files. If your system was infected then I recommend you to download and scan your system with Kaspersky Virus Removal Tool and/or Kaspersky TDSSKiller.
The removal tools are not substitutes for anti-virus or Internet security software. To keep your computer and devices secure, you should install Internet security software.
If your account was hacked then I highly recommend that you scan your computer for infected files. You might have a keylogger, dangerous malware, or computer virus on your system waiting to do additional harm. If you use a Linux computer then I recommend that you scan your entire system with Clamscan Antivirus. If you use Windows, Mac/iOS, or Android then I recommend that you download and install Malwarebytes and/or Malwarebytes Anti-Rootkit and then update the definition files and then do a complete scan of your system. Then I recommend that you scan your system with a free online virus scanner like Trend Micro HouseCall. If it finds anything then delete them or quarantine them. Make sure you scan your system until it no longer finds any infected files. If your system was infected then I recommend you to download and scan your system with Kaspersky Virus Removal Tool and/or Kaspersky TDSSKiller.
The removal tools are not substitutes for anti-virus or Internet security software. To keep your computer and devices secure, you should install Internet security software.
Check Your Filters and Blocked Addresses in Your Email Settings
Most hackers will make changes in your Email settings to block Emails from sites like Amazon, Walmart, your online banking, and etc. As they purchase items using your account you won't receive any Emails to inform you on the purchases made. This can also prevent you from resetting your passwords to these sites as well. The "Amazon.com Password Assistance" will send you an Email with instructions to reset your Amazon password. If someone has placed a block from anything from Amazon then you won't receive the instructions to reset your password.
I will use my Gmail account to demonstrate how to check and remove any filters or blocked addresses. First log into your Gmail and then click on the gear icon in the upper right corner. Click the See all settings link at the top of the Quick settings menu.
Most hackers will make changes in your Email settings to block Emails from sites like Amazon, Walmart, your online banking, and etc. As they purchase items using your account you won't receive any Emails to inform you on the purchases made. This can also prevent you from resetting your passwords to these sites as well. The "Amazon.com Password Assistance" will send you an Email with instructions to reset your Amazon password. If someone has placed a block from anything from Amazon then you won't receive the instructions to reset your password.
I will use my Gmail account to demonstrate how to check and remove any filters or blocked addresses. First log into your Gmail and then click on the gear icon in the upper right corner. Click the See all settings link at the top of the Quick settings menu.
Then click on the topic or tab Filters and Blocked Addresses. Remove any blocked links or addresses that you didn't add. If you do have something in this category than you can be sure that your Email account was compromised. The hacker probably synced his or her browser so that he or she had access to all your saved usernames and passwords in the Chrome browser. They can even sync your browsing history if you don't clear it out often. So all of the saved accounts in the browser are now at risk.
You should now be able to reset any online accounts that were blocked out by your Email filter.
My Amazon Account Was Hacked!
On Wednesday, May 12, 2021 I received an e-mail notification from my bank that said that I had withdrew $437.99 for an Amazon purchase authorized on 05/10/2021. I did not make that purchase, so I immediately contacted my bank and they deactivated my debit card. The lady from the bank told me to log into my Amazon account and remove my card info and for me to contact someone from Amazon. While looking through links in Amazon for a telephone number to contact them I stumbled on a hyperlink called Archived Orders under my Ordering and Shopping Preferences. To my surprise I saw the $437.99 GoPro that was in the process of being delivered and a Kupton Frame for a GoPro valued at $12.73 was pending. There was also an expensive pressure washer valued at $208.38. The Kupton Frame for the GoPro and the pressure washer didn't show up on my debit card when I had the card deactivated, so at the time I didn't seem to concerned about those items. However, I did click cancel on both items just to prevent them from trying to take money from a debit card that is no longer activated.
I eventually found a hyperlink to request someone from Amazon to chat with me. I informed the lady, man or bot on the Amazon messenger that my Amazon account was hacked and that someone purchased a GoPro using my card and had it shipped to 5252 Corteen Pl Apt 36, Valley Village, CA 91607-4225 and that it was still in the process of being delivered. I figured it would be a simple task for the Amazon employee to contact the company delivering the item to immediately return it to Amazon because it was stolen. However, the Amazon employee did nothing to stop the stolen order. I eventually received an Email saying the package was delivered. The Email said the package was handed to me. Well I've never been to California my entire life. I live in North Carolina and the package was delivered to:
5252 Corteen PL Apt 36
Valley Village, CA 91607-4225
On Wednesday, May 12, 2021 I received an e-mail notification from my bank that said that I had withdrew $437.99 for an Amazon purchase authorized on 05/10/2021. I did not make that purchase, so I immediately contacted my bank and they deactivated my debit card. The lady from the bank told me to log into my Amazon account and remove my card info and for me to contact someone from Amazon. While looking through links in Amazon for a telephone number to contact them I stumbled on a hyperlink called Archived Orders under my Ordering and Shopping Preferences. To my surprise I saw the $437.99 GoPro that was in the process of being delivered and a Kupton Frame for a GoPro valued at $12.73 was pending. There was also an expensive pressure washer valued at $208.38. The Kupton Frame for the GoPro and the pressure washer didn't show up on my debit card when I had the card deactivated, so at the time I didn't seem to concerned about those items. However, I did click cancel on both items just to prevent them from trying to take money from a debit card that is no longer activated.
I eventually found a hyperlink to request someone from Amazon to chat with me. I informed the lady, man or bot on the Amazon messenger that my Amazon account was hacked and that someone purchased a GoPro using my card and had it shipped to 5252 Corteen Pl Apt 36, Valley Village, CA 91607-4225 and that it was still in the process of being delivered. I figured it would be a simple task for the Amazon employee to contact the company delivering the item to immediately return it to Amazon because it was stolen. However, the Amazon employee did nothing to stop the stolen order. I eventually received an Email saying the package was delivered. The Email said the package was handed to me. Well I've never been to California my entire life. I live in North Carolina and the package was delivered to:
5252 Corteen PL Apt 36
Valley Village, CA 91607-4225
On Thursday, May 13, 2021 I logged back into my Amazon account an to my surprise there was over $1,200.00 of products in my shopping cart. I wondered how this could have happened because all of my passwords to all of my accounts were changed and stored within a password manager instead of the browser. My computer systems were cleaned off and thoroughly scanned. I no longer had a debit card on my account so, that is far as they got. I deleted the items in my cart.
On Saturday, May 15, 2021 I received an e-mail notification from my bank that said that I had withdrew $12.73 for an Amazon purchase made on that day. My debit card was deactivated, so I don't understand how that happened. I called back the bank and they tried to explain that the purchase somehow slipped through as they were in the process of deactivating the card. Then on Sunday, May 16, 2021 I received an email with reference to me being an Amazon Prime member. I never joined Amazon Prime, so I logged into Amazon and canceled it. I wasn't sure if I did everything correctly, so I brought back up the Amazon messenger and request someone from Amazon to call me. I wanted for someone to confirm that my account was secure and that I canceled Amazon Prime correctly. I guess the individual(s) that hacked into my Amazon account subscribed to Amazon Prime as well. I wanted to know why the Amazon employee I reported the hacked account to did absolutely nothing to stop the order or to lock my hacked account. The Amazon employee I spoke to was very friendly and seemed to be concerned about my situation. He told me that he was unable to see what went on in the conversation via Amazon messenger. He informed me that I didn't speak to an online hacker. He said it was on record that I messaged with an Amazon employee. He told me that he would report everything to the appropriate department. Within an hour after I got off the telephone with the Amazon employee, I received an email saying that my Amazon account was locked while they investigate.
Later that same day I sent an Email to account-alert@amazon.com and explained everything that happened to my Amazon account to help them in the investigation. Below is some information I provided them with.
"As long as I have purchased things from Amazon I have never had an order sent anywhere other than my home address or my mom's address in North Carolina. I figured that Amazon would have some type algorithm that would detect an unusual order pattern and verify the order before processing it. I live on the east coast and my order was shipped to the west coast.
I understand that Amazon wants to make it easy for people to purchase things online, but sometimes that can comprise security. I liked the way that Amazon used to make me enter the three security digits on the back of my card before they processed my order. That gave me a piece of mind that my card number had a bit of security online. I don't know when that stopped happening. I never knew that you could archive or hide an Amazon order, so I didn't know to check to see if I had hidden items purchased using my personal information. If I didn't get email notifications from my bank, someone could have purchased a lot of items daily and hid it from me because I normally don't log into my Amazon account daily to monitor it. I don't know how they (the hackers) kept Amazon from sending me email notifications or calling me at my telephone number to verify a strange order. The last time I logged in I noticed that my telephone number was missing from my info. Amazon should require a separate password or code in order to change an account members information. I only place online orders using only two computers. I order from a Linux system at my mom's house using Windstream Internet service and I order from my house using a Windows 10 system using Spectrum Internet, so my IP address and my systems UUID's or universally unique identifier's should have set off a red flag."
Later that same day I sent an Email to account-alert@amazon.com and explained everything that happened to my Amazon account to help them in the investigation. Below is some information I provided them with.
"As long as I have purchased things from Amazon I have never had an order sent anywhere other than my home address or my mom's address in North Carolina. I figured that Amazon would have some type algorithm that would detect an unusual order pattern and verify the order before processing it. I live on the east coast and my order was shipped to the west coast.
I understand that Amazon wants to make it easy for people to purchase things online, but sometimes that can comprise security. I liked the way that Amazon used to make me enter the three security digits on the back of my card before they processed my order. That gave me a piece of mind that my card number had a bit of security online. I don't know when that stopped happening. I never knew that you could archive or hide an Amazon order, so I didn't know to check to see if I had hidden items purchased using my personal information. If I didn't get email notifications from my bank, someone could have purchased a lot of items daily and hid it from me because I normally don't log into my Amazon account daily to monitor it. I don't know how they (the hackers) kept Amazon from sending me email notifications or calling me at my telephone number to verify a strange order. The last time I logged in I noticed that my telephone number was missing from my info. Amazon should require a separate password or code in order to change an account members information. I only place online orders using only two computers. I order from a Linux system at my mom's house using Windstream Internet service and I order from my house using a Windows 10 system using Spectrum Internet, so my IP address and my systems UUID's or universally unique identifier's should have set off a red flag."
On Wednesday, May 26, 2021 I received another Email from Amazon saying that I had requested to return a pressure washer purchased on my account. I have no idea where that came from. My account had been locked since May 16, 2021 and Amazon was informed about my hacked account on Wednesday, May 12, 2021. I had earlier seen an order on a pressure washer and I hit cancel before it was even processed. I never received a charge on my debit card for $208.38. My debit card was removed from my Amazon account, so someone must have used someone else's card information to complete the order.
I am now convinced that my Amazon account was hacked and not my Email account. On Friday, May 28, 2021 I called Amazon’s Security Department at (888) 282-2406 and they were overloaded at that time and an automated message told me to call back later. Then I called Amazon Customer Service at (888) 280-4331 to try to find out what was going on and find out how activity was continuing to take place on my locked Amazon account. The Amazon employee I spoke with told me that he would remove the pressure washer from my account. He told me that he would send me forms so they could start an internal investigation. He confirmed that my home address and telephone number was correct and told me that I should receive the forms in the mail within the next few days. That was Friday, May 28, 2021 and it's currently Saturday, June 12, 2021 and I still haven't received any forms from Amazon.
On Saturday, May 29, 2021 I received the following Email from Amazon. Since it is difficult to read, I copied and pasted it below the image.
"Recent changes to your Amazon account
Hello,
We believe that an unauthorized party may have accessed your account. To protect your information, we have:
-- Disabled the password to your account.
-- Reversed any modifications made by this party.
-- Canceled any pending orders. You can ignore any confirmation emails that you received for these orders.
-- Restored any gift card balance that may have been used. It may take 2 to 3 days for the gift card balance to be available in your account.
-- If Two-Step Verification has been enabled during the unauthorized access, we have disabled Two-Step Verification. Please reset on Amazon and enable if appropriate.
Please allow 2 hours for these actions to take effect.
After 2 hours, you will be able to reset your password and regain access to your account. On the Sign In page, select "Forgot your password?" and follow the instructions. If you do not have a phone number in your account, we recommend adding it by clicking "Account Settings" on our Help page:
http://www.amazon.com/help"
Hello,
We believe that an unauthorized party may have accessed your account. To protect your information, we have:
-- Disabled the password to your account.
-- Reversed any modifications made by this party.
-- Canceled any pending orders. You can ignore any confirmation emails that you received for these orders.
-- Restored any gift card balance that may have been used. It may take 2 to 3 days for the gift card balance to be available in your account.
-- If Two-Step Verification has been enabled during the unauthorized access, we have disabled Two-Step Verification. Please reset on Amazon and enable if appropriate.
Please allow 2 hours for these actions to take effect.
After 2 hours, you will be able to reset your password and regain access to your account. On the Sign In page, select "Forgot your password?" and follow the instructions. If you do not have a phone number in your account, we recommend adding it by clicking "Account Settings" on our Help page:
http://www.amazon.com/help"
I don't plan on logging into my Amazon account until they investigate what went on.
On Thursday, June 10, 2021 I received a letter from my bank saying the $12.73 that was taken from an Amazon purchase on May 15, 2021 was returned by Amazon. My debit card was deactivated on Wednesday, May 12, 2021, so I have no idea how the money was taken from my account or placed back into the account using my old card number. However, it's a good thing seeing money that was taken out of my account are starting to return.
On February 17, 2021 Cybernews reported 14 Million Amazon & eBay Account details were sold online. "An Amazon representative informed CyberNews that they investigated the claims and that there was no evidence of any data breaches." I don't believe the Amazon representative because they have lied to me multiple times. I wish I would have known about this security breach, so I could have changed my account password and removed my debit card from my account.
On Friday, June 11, 2021 The Sun (US) reported that "Hackers steal 26m logins for Facebook, Amazon, Apple & other sites using virus that takes your pic if device has a cam. " That is so scary!
On Friday, June 11, 2021 The Sun (US) reported that "Hackers steal 26m logins for Facebook, Amazon, Apple & other sites using virus that takes your pic if device has a cam. " That is so scary!
On Saturday, June 12, 2021 I received a letter from my bank saying the $437.99 that was stolen from my account has been replaced. I wish I would have used better password management and all of this could have been avoided. Maybe someone can learn from my mistakes and is able to prevent this from happening to them.
Other sites worth checking out:
- This might be the mother of all password leaks, with billions of credentials exposed
- Billions of emails and passwords appear in largest data leak ever
- Hackers steal 26 MILLION logins for Amazon, Apple, Facebook and other tech giants
- Amazon Data leak
- FBI warns about attacks that bypass multi-factor authentication (MFA)
- How hackers are using social engineering techniques to bypass two-factor authentication
- How Attackers can Bypass Two-factor Authentication
- Cybersecurity 101: Protect your privacy from hackers, spies, and the government
- Credit card skimmer attacks on e-commerce websites
Please don't let this happen to you or someone you care about. Warn as many people as you can to protect their privacy and money.
June 13, 2021
