Atheistforums.com

News & General Discussion => General Discussion => Topic started by: SGOS on September 13, 2017, 01:15:14 PM

Title: I May Have Been Hacked
Post by: SGOS on September 13, 2017, 01:15:14 PM
Specifically, my amazon account may have been hacked.  It appears that someone got my email address and my password, and requested that Amazon change my email address.  It was to some strange address that didn't look like a typical email address, but more like a site.  It ended in ".ru"

I was notified just prior to my panic by email from amazon informing me that "I" had requested a change in email address, and I couldn't contact them to tell them I never made such a request, because to do so on their site required that I give them my password which they would not accept.  I finally located a customer service phone number (not available to me without a password) by googling "amazon customer service, phone." 

I talked to a rep that is contacting an amazon specialist to call or email me in the next 24 hours to work this out.  I was told my account is now frozen until we solve this.  It's a creepy feeling to have this happen, and I'm nervous about it.  I googled the email address, but there were no customary links.  It was one of those pages that shows up and mostly focuses on the google request.  I saw brief phrases from forums discussing spam, scam, and Russia in regards to the email address.  I did not attempt to sign into any of them.  The last thing I want to do is give out more personal information at this time.

I had just finished opening an account at imgur.com, but it may be a coincidence that amazon's notification happened just afterwards.
Title: Re: I May Have Been Hacked
Post by: PickelledEggs on September 13, 2017, 01:22:03 PM
A friend of mine recently got hacked on amazon... I wonder if there is a security leak...
Title: Re: I May Have Been Hacked
Post by: Unbeliever on September 13, 2017, 01:26:40 PM
Corporate security seems to be sloppy, no matter which corporation it is. If they want to keep their customers they'd better get their shit together. No one seems to be safe, except those who don't use the internet at all.
Title: Re: I May Have Been Hacked
Post by: SGOS on September 13, 2017, 01:55:54 PM
Quote from: Unbeliever on September 13, 2017, 01:26:40 PM
Corporate security seems to be sloppy, no matter which corporation it is. If they want to keep their customers they'd better get their shit together. No one seems to be safe, except those who don't use the internet at all.
You know, I've had that same thought.  Internet sites gather personal data, seemingly data they don't even need, as if their security is air tight and their integrity is beyond reproach.  I have the suspicion many, maybe most, value my data, probably so they can sell it for profit. We live in a new age where even personal trivia has a value.
Title: Re: I May Have Been Hacked
Post by: SGOS on September 13, 2017, 01:59:52 PM
Quote from: PickelledEggs on September 13, 2017, 01:22:03 PM
A friend of mine recently got hacked on amazon... I wonder if there is a security leak...
I asked the rep if my phone call had a familiar sounding concern, and she said, "No, this is the first time I have heard about this specific concern."  Of course that doesn't really mean much.  It may or may not be true.
Title: Re: I May Have Been Hacked
Post by: Baruch on September 13, 2017, 03:05:04 PM
Quote from: SGOS on September 13, 2017, 01:59:52 PM
I asked the rep if my phone call had a familiar sounding concern, and she said, "No, this is the first time I have heard about this specific concern."  Of course that doesn't really mean much.  It may or may not be true.

Was the rep named "Boris" of "Natasha"?  Don't worry, Putin just needed you to pay for his Playboy renewal ;-)
Title: Re: I May Have Been Hacked
Post by: SGOS on September 13, 2017, 03:13:25 PM
Quote from: Baruch on September 13, 2017, 03:05:04 PM
Was the rep named "Boris" of "Natasha"?  Don't worry, Putin just needed you to pay for his Playboy renewal ;-)
No, but as usual, I had a difficult time understanding her Mideast accent.  I hope the specialist is easier to understand.
Title: Re: I May Have Been Hacked
Post by: Baruch on September 13, 2017, 03:16:08 PM
Quote from: Unbeliever on September 13, 2017, 01:26:40 PM
Corporate security seems to be sloppy, no matter which corporation it is. If they want to keep their customers they'd better get their shit together. No one seems to be safe, except those who don't use the internet at all.

Correct ...
https://arstechnica.com/information-technology/2017/09/equifax-website-hack-exposes-data-for-143-million-us-consumers/

https://en.wikipedia.org/wiki/List_of_data_breaches

The breaches aren't coincidences.  You are a drug user in an opium den ... don't think that the drug dealer is your friend, or that you are innocent.

(https://thumb9.shutterstock.com/display_pic_with_logo/524191/524191,1311868649,2/stock-photo-old-illustration-of-opium-smokers-in-china-created-by-morin-published-on-le-tour-du-monde-paris-81821878.jpg)
Title: Re: I May Have Been Hacked
Post by: Baruch on September 13, 2017, 03:20:07 PM
Quote from: SGOS on September 13, 2017, 03:13:25 PM
No, but as usual, I had a difficult time understanding her Mideast accent.  I hope the specialist is easier to understand.

After-selling bothers me ... did she offer "convert to Islam now, and we will send you a Ginsu scimitar and a Quran in English, absolutely free (not counting shipping)"?
Title: Re: I May Have Been Hacked
Post by: SGOS on September 13, 2017, 03:27:58 PM
Quote from: Baruch on September 13, 2017, 03:16:08 PM
https://en.wikipedia.org/wiki/List_of_data_breaches
It's disconcerting that many of these resulted from being lost, stolen, or accidentally published.  Also "poor security" is interesting.  I consider all data at risk all the time.  What does it take to go from at risk to poor?
Title: Re: I May Have Been Hacked
Post by: Baruch on September 13, 2017, 03:31:16 PM
Quote from: SGOS on September 13, 2017, 03:27:58 PM
It's disconcerting that many of these resulted from being lost, stolen, or accidentally published.  Also "poor security" is interesting.  I consider all data at risk all the time.  What does it take to go from at risk to poor?

If you are financially hacked in the US, it typically takes $10,000 of effort to restore your credit and identity.  Stealing medical identity is even more lucrative ... you can buy those on the Dark Net for $250 a pop ... ordinary identity is only $150 a pop.  Medicare fraud is a big business.  Why do you pay 21% on your long term credit card balance?  Because MC/Visa has no way of stopping the Armageddon they started ... before the Internet.  This is basically the human face of information entropy.  Once information is created, it diffuses, same as a drop of squid ink released into the ocean.  Once the data breach cost per year equals the total GDP, then we are all data pirates, and the ocean is completely squid ink.
Title: Re: I May Have Been Hacked
Post by: Hijiri Byakuren on September 13, 2017, 08:17:19 PM
This is why I appreciate services like Steam that have extra layers of security beyond a username and password. Several months ago a hacker with a Belarus IP address got ahold of my login and tried to access my account; they failed due to Steam Guard requiring verification through my phone (which I of course denied).


Sent while riding my mighty steed: Godzilla
Title: Re: I May Have Been Hacked
Post by: SGOS on September 13, 2017, 08:30:22 PM
Quote from: Hijiri Byakuren on September 13, 2017, 08:17:19 PM
This is why I appreciate services like Steam that have extra layers of security beyond a username and password. Several months ago a hacker with a Belarus IP address got ahold of my login and tried to access my account; they failed due to Steam Guard requiring verification through my phone (which I of course denied).


Sent while riding my mighty steed: Godzilla
Cool.
Title: Re: I May Have Been Hacked
Post by: Hydra009 on September 13, 2017, 10:47:16 PM
Quote from: Hijiri Byakuren on September 13, 2017, 08:17:19 PM
This is why I appreciate services like Steam that have extra layers of security beyond a username and password. Several months ago a hacker with a Belarus IP address got ahold of my login and tried to access my account; they failed due to Steam Guard requiring verification through my phone (which I of course denied).
MFA (https://en.wikipedia.org/wiki/Multi-factor_authentication) ftw.

Authentication is based on one of three things:
* Something you have (car keys)
* Something you know (PIN, password)
* Something you are (thumbprint, retinal scan)

Requiring two or more makes it that much harder for an attacker to compromise the account.  It's also a slight inconvenience for the end user, but that's the cost of security.
Title: Re: I May Have Been Hacked
Post by: Cavebear on September 14, 2017, 01:42:38 AM
I had a ru site visting my blog, so I panicked and backed it up.  Changed my password to REALLY long weird stuff. 

Nothing bad happened, but it IS a good habit once a month.  And keeping your routine backups not on your computer...
Title: Re: I May Have Been Hacked
Post by: SGOS on September 14, 2017, 07:25:49 AM
I received what appeared to be a boilerplate email from amazon this morning informing me that my email had been reset, and I would have to follow some back and forth instructions for resetting my password and some other things.  But I have a dentist appointment in an hour, and I don't want to start anything right now until I have unlimited time.  They said they have cancelled any pending orders I might have.  I'd be curious to know if there were any.  Or if those will be scrubbed off my history.

I would think this hack would be financially harmful if they also had my credit card.  But amazon says I'm safe, of course, because my credit card number is secure.  HA!
Title: Re: I May Have Been Hacked
Post by: Baruch on September 14, 2017, 07:28:35 AM
Good luck.  I also shop Amazon for books.  But then again, I been Putin on the ritz ;-)
Title: Re: I May Have Been Hacked
Post by: SGOS on September 14, 2017, 07:37:48 AM
OK, so I checked my amazon site, and the email is correct, the old password still works (I would have thought that would have been shut down), but my name has been changed to "Milkyclogblog" or something like that.
Title: Re: I May Have Been Hacked
Post by: Cavebear on September 14, 2017, 08:00:14 AM
Quote from: SGOS on September 14, 2017, 07:25:49 AM
I received what appeared to be a boilerplate email from amazon this morning informing me that my email had been reset, and I would have to follow some back and forth instructions for resetting my password and some other things.  But I have a dentist appointment in an hour, and I don't want to start anything right now until I have unlimited time.  They said they have cancelled any pending orders I might have.  I'd be curious to know if there were any.  Or if those will be scrubbed off my history.

I would think this hack would be financially harmful if they also had my credit card.  But amazon says I'm safe, of course, because my credit card number is secure.  HA!

I would ask Amazon about that directly.  Erring on the side of suspicion is usually a good idea.