I've been recently hacked and need advice!

[helpmeplease1]

Hi,
My computer was recently hacked as well as my email addresses! I noticed that account information was being changed on two of my gmail accounts so I immediately changed the passwords. However, this did not stop the hackers as they were able to quickly change the password back and we were going back and forth for some time. Then I saw some text come across my desktop that said "helpmeplease1's buddies". At that point I pulled the cable to my modem. I am on u-verse and have only the default u-verse router/modem that they supplied. I was successful in closing out the gmail accounts but I am very disappointed with google's email hijack support. All you can do is deactivate the account once you get in but then you can always reactivate it again later if you know the answers to the secret questions...

I guess my question is what would you recommend to do from here? I have formatted my computer and plan to format it again to make sure than reinstall an Operating system (I had windows 8 on it before). Should I also call AT&T uverse to get a new IP Address or how does that work? I also plan to buy a separate router besides the ATT one supplied. Will have to get new email addresses too. This has really scared me...

I have also signed up for fraud monitoring services and have changed password and killed various other accounts

 

[smakme7757]

Do you use a common password at different places on the net?

Most hijacked account are due to a database leak at some other site that has your email address and your password in clear text. Then the hackers can just log into any account which has the same combination, including your email.

I would look into a password manager so you can create separate passwords for each site your visit.

To name a few i have used myself (and trust):
Keepass
Lastpass
Password Vault Manager

 

[PliotronX]

Adding to Smakme's good advice, you can quickly strengthen passwords by adding numbers and a symbol to the end of the password (888*). Easy to remember yet impervious to dictionary attacks.

 

[FoxFifth]

If you do reactivate your Gmail account you may want to consider using their 2-step verification. It is very easy to use. http://www.google.com/landing/2step/

 

[Chiefcrowe]

Definitely use 2 factor authentication! You changed passwords for all your online accounts from a known good computer right?

Also make sure all your programs and OS and plugins are fully patched from now on.

Good call on the password manager. I'd say that is a must as well.

 

[John Connor]

Sounds like something at the application level since you got a message on your computer. I wsould scan you computer with a live CD such as bitdefender. Download the ISO and burn it to CD using IMGburn. Boot the CD and scan. Must have a minimum of 1 GB of RAM. You need to boot into BIOS and set the CD to be the first boot device.

http://download.bitdefender.com/rescue_cd/

http://www.imgburn.com/

http://www.pcworld.com/article/226935/how_to_boot_from_a_windows_dvd_or_another_optical_disc.html

 

[blankslate]

Good call on the password manager. I'd say that is a must as well.

Very true it is practically impossible for people to practice good password security (unless they have an eidetic memory) without a password manage unless they only need one or two passwords.

 

[tential]

Very true it is practically impossible for people to practice good password security (unless they have an eidetic memory) without a password manage unless they only need one or two passwords.

I can remember all my passwords and my memory is horrible. If something is important to you you'll remember it. I use about 6-8 passwords. I bet you you can name your 5 favorite actors, your favorite blah blah blah, etc. You type your password in REGULARLY. Not that hard to remember.

 

[smakme7757]

I can remember all my passwords and my memory is horrible. If something is important to you you'll remember it. I use about 6-8 passwords. I bet you you can name your 5 favorite actors, your favorite blah blah blah, etc. You type your password in REGULARLY. Not that hard to remember.

The point is that most people have more than 6 to 8 accounts online. If you reuse the same passwords over and over you're just back at square one.

 

[John Connor]

Pasasword managers require copy/paste which could be snached by malware. I use PWD Hash in Firefox and Pale Moon. Read about it. https://www.google.com/search?q=pwd...=t&rls=Palemoon:en-US:official&client=firefox

 

[HOSED]

OP AFA I know if you leave the router unplugged for a few hours it will acquire a new IP address (at least that is how Verizon FIOS works)

What I do for my 20 + set of credentials - all userid's are unique as well as the password. I never save ID's or passwords when the browser asks me to. I keep all the info on a USB stick and plug it in then type from it when needed.
Also my security answers are never anything logical --- Pet name (for instance) @#_BAM_BAM_Bigelo99
John Conner thanks for the tip !

 

[smakme7757]

Pasasword managers require copy/paste which could be snached by malware. I use PWD Hash in Firefox and Pale Moon. Read about it. https://www.google.com/search?q=pwd...=t&rls=Palemoon:en-US:official&client=firefox

Lots of password managers use autofill and do not use the clipboard to do it. They also employ measures to reduce the likelihood of malicious Javascript picking up the input.

Additionally if you already have malware on your PC then the game is up. Different passwords are to stop people dumping the database at myshitsite.org and then using the password to log into your other accounts online.

Good password management primarily reduces risk in case of a breach - be it a website or the postit-note you forgot at the office.

 

[rockmyroad]

One of the first things you should do when you get a computer is to install a security system on it.

When it comes to passwords, maybe you can keep a documentation hidden in your desk on all the passwords. Usually after a few weeks, you will start to remember them without any reminder.