Gf's Facebook, hotmail and itunes hacked.

[fearless]

Okay this might be a long post but if you can bear to read it, id appreciate any advice.

So at work yesterday my gf text me saying she couldn't log in to her facebook or hotmail accounts. Being at work I could only offer some advice and thought she had just forgot her passwords.

Get home from work, log in to my facebook and her account was doing things, so i tried logging in to hers. I couldn't but it said her account password had been changed just hours earlier. Had the account frozen and diverted to a new email account so that was fine.

Next up was her hotmail. Tried logging in with good known previous passwords to no avail so recovered it to a different account. Logged in, and things got weird. I was in her account but so was someone else at that exact moment, things were being moved and deleted and sent before my very eyes. At this point they had asked facebook for an info download, something I didn't know you could do, but they were resetting her itunes password as i watched. Cue frantic phonecall and get her linked card stopped. Firefox was having a fit saying the hotmail website i was looking at was not trusted and when i looked i didnt recognise the address.

Eventually got her itunes moved to a different email and password so think that is safe, and her facebook is still locked down.

Only thing left is her hotmail, I'm currently deep scanning my laptop to check there isn't anything on it before I try to recover her hotmail again.

Sorry if that makes no sense, written still with mild panic in my mind. Any suggestions?

 

[Adam.]

Change all passwords but make sure the backup email address or recovery address is one of yours and not some random one as they will keep recovering it!

 

[fearless]

Backup email is one I hastily created last night so should be clean I think. Have changed all my passwords and all hers will be if I can recover her hotmail account.

 

[Adam.]

Try passport.com for the hotmail one.

 

[Dave Hester]

Is your girlfriend one of those people that puts info in her facebook profile like
Address.
Date of Birth.
Names of family members.
Phone number?

If so, she deserves to be hacked for her stupidity

 

[fearless]

Nope, there is f**k all on there bar her dob. Its all locked down to the public as well.

 

[DrR]

Guessing she uses all the same passwords?

 

[Ex-User (19928)]

Sounds like a keylogger to me.

 

[fearless]

That's the bit she needs a slap for, Fb and hotmail were the same. iTunes was different but once into hotmail they just had it reset with email authentication. Flawed system really.

 

[fearless]

Best way of detecting/removing a keylogger?

 

[Sym0n]

How is a cross platform and totally separate authentication system flawed? PMSL Pretty much industry standard and really the only place to point the blame is at your missus.

Anyway, get Malwarebytes and Avast downloaded, installed and updated. Disconnect from the internet and boot in to Safe Mode then scan and remove anything it finds on all you machines.

Then when you got back online look in to good password habits, stop going on dodgy p**n sites and don't download anything illegal.

Highly doubt it's a keylogger btw, more likely a phishing scam or trojan on the PC/laptop. Access Firefox and no doubt password saving is enabled.

 

[fearless]

True.

Is it necessary to be in safe mode before scanning everything? I run malwarebytes and MSE and have run both without finding anything on my laptop.

I think everything is recoverable, just a pain in the arse.

 

[Sym0n]

It's not a necessity but it will stop all but the essentials running at start up, so when you scan there's less chance of something having a locked process or being hooked in anywhere and able to re-instate itself.

Does she use any other machines to access any of the sites? What about a smartphone? Got any dodgy or third party apps where she has to input her details? If it's phishing, as I'd assume, then your machine could well be clear and she's just given them the details they need by typing them in to a suspect site herself.

 

[fearless]

She only ever uses her iPhone or laptop to access stuff. I just used mine last night to try and recover stuff. Her's will be getting a full scan in safe mode soon as I get my hands on it.

Having thought about it it probably was phishing and she just cant remember what she has typed in where. Can't think of any dodgy apps though.

 

[fearless]

Okay here's an interesting one.

Recovered her hotmail password. Signed in and immediately signed out.

It coming up as the address starting du112w.dull2 in the address bar not the usual live mail thing. Looks dodgey as hell. Any help?

 

[ekaJ]

Okay here's an interesting one.

Recovered her hotmail password. Signed in and immediately signed out.

It coming up as the address starting du112w.dull2 in the address bar not the usual live mail thing. Looks dodgey as hell. Any help?

Thats normal mate, no need to worry.

Has it got mail.live.com after?

 

[ChrisR]

Check the certificate details to ascertain if the site is legit, that's what they are there for