For starters, I used to live in a third-world country and have been pirating since I was about 8 thanks to my older bro, and to my knowledge I never got a virus thanks to good practices and habits like a VPN and staying only with a trusted tracker (and obviously some luck too). But I stopped when I grew older and made money. Except recently I got caught lacking. A while ago I downloaded something from a website I didn’t usually go to and apparently had a silent malware infection. I forgot to have 2FA on in my Google account and saw a login from Russia. I don’t have anything particularly sensitive saved in my Google account, even password-wise, but I still acted quickly by logging them out, turning it on ASAP and changing my passwords. They had been doing stuff and deleting their tracks, like attempting to log in somewhere and deleting the email right after (I knew because my phone would get notifications, and then when I clicked on them they would be gone and deleted). This has all stopped as of now.

But I noticed something weird that they probably did not account for, and that is that I had Firefox syncing my info, including passwords, right before it happened. And I noticed that he made an account for AT&T (and saved the info) with what I presume is his very Russian- or Ukrainian-sounding email, or one of his hacked botnet slaves, but his password was literally my GF’s name and year of birth. There is no evidence of my GF anywhere besides me emailing her 2 memes when her phone was broken, but even then her email is only her name and not her YOB (if he did go to my sent folder, though, he would see her right away, as I have only sent like 12 emails from that account, which would make more sense). This password was not in the Google password manager, which tells me he deleted it from there, but FF synced it. I tried logging in with those credentials to the AT&T website and an account indeed exists, with a $245 payment due and no payment method added. I couldn’t see any more without verifying through text, and the options all looked like random foreign numbers. Has anyone had anything like this happen to them? Why would they go out of their way to do that instead of generating a randomized password? I am willing to share the email address.

Upon closer inspection, the password was created on April 14th and used on May 21st, which means it was actually before I got that malware. Another likely scenario is that my info was part of a leak. Thoughts?

  • Tetsuo@jlai.lu · 14 points · 7 months ago (edited)

    Is it possible that this password was really your gf’s password in the past? It could have leaked long ago, and the hacker just decided to use a previously leaked password to be more inconspicuous.

    I don’t think this whole story is so wild; it could be just coincidental. The hacker somehow knew about her DOB and thought this would be an easy password.

    Rest assured, a hacker wouldn’t want to use their own password, or even reuse one, as that could link to previous nefarious activity. So they had to set up a brand new password just to move forward. So they used anything personal they could get their hands on.

    PS: you should check Have I Been Pwned for your gf’s address.
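Following up on the Have I Been Pwned suggestion above: an added example, not part of any post in this thread, showing how the Pwned Passwords k-anonymity check works, so that a candidate password (such as a name plus a year of birth) can be tested against the leaked-password corpus without the password itself ever leaving the machine. Only the first five hex characters of its SHA-1 are sent to api.pwnedpasswords.com/range/; the server returns every known hash suffix under that prefix and the match is done locally. The sample response body below is constructed for the example, except that the matching suffix is the real SHA-1 tail of the word "password"; the function names are my own, and the live HTTP call is kept separate so the rest runs offline.

```python
import hashlib

# Constructed stand-in for the body that GET https://api.pwnedpasswords.com/range/5BAA6
# returns. Each line is "<35 hex chars of SHA-1 suffix>:<breach count>". Only the
# third suffix is real (the tail of SHA-1("password")); the others are made up.
# The ":0" line imitates the filler rows the server adds when the client sends
# the "Add-Padding: true" header; those must be ignored, not treated as hits.
SAMPLE_RANGE_RESPONSE = """\
1D2DA4053E34E76F6576ED1DA63134B5E2A:2
1E2AAA439972480CEC7F16C795BBB429372:1
1E4C9B93F3F0682250B6CF8331B7EE68FD8:9545824
1E5FD4262B6A5DA3A1E1D7F5D4B9A1F3D6E:3
1F3A5C7E9B2D4F6A8C0E1B3D5F7A9C2E4B6:0
"""


def split_sha1(password: str) -> tuple[str, str]:
    """Return (5-char prefix, 35-char suffix) of the uppercase hex SHA-1 of password.

    The prefix is the only thing that is ever sent to the remote service.
    """
    digest = hashlib.sha1(password.encode("utf-8")).hexdigest().upper()
    return digest[:5], digest[5:]


def parse_range_response(body: str) -> dict[str, int]:
    """Parse a range response into {suffix: count}, dropping padding rows (count 0)."""
    counts: dict[str, int] = {}
    for raw in body.splitlines():
        line = raw.strip()
        if not line:
            continue
        suffix, _, count_text = line.partition(":")
        count = int(count_text)
        if count <= 0:
            continue  # padding entry, never a real breach record
        counts[suffix.upper()] = count
    return counts


def pwned_count(password: str, range_body: str) -> int:
    """How many times the password appears in the corpus (0 = not found).

    range_body must be the response for this password's own 5-char prefix;
    the match is done purely on the 35-char suffix, locally.
    """
    _prefix, suffix = split_sha1(password)
    return parse_range_response(range_body).get(suffix, 0)


def fetch_range(prefix: str) -> str:
    """Live lookup of one prefix (not exercised in the offline example).

    Add-Padding asks the server to pad every response to a similar size so that
    response length does not leak which prefix was queried.
    """
    import urllib.request

    if len(prefix) != 5 or any(c not in "0123456789ABCDEF" for c in prefix.upper()):
        raise ValueError("prefix must be exactly 5 hex characters")
    req = urllib.request.Request(
        f"https://api.pwnedpasswords.com/range/{prefix.upper()}",
        headers={"Add-Padding": "true", "User-Agent": "hibp-range-example"},
    )
    with urllib.request.urlopen(req, timeout=10) as resp:
        return resp.read().decode("utf-8")


if __name__ == "__main__":
    # Offline demonstration against the constructed body.
    for candidate in ("password", "Jane1995"):  # "Jane1995" is a made-up name+YOB guess
        prefix, _ = split_sha1(candidate)
        hits = pwned_count(candidate, SAMPLE_RANGE_RESPONSE)
        print(f"{candidate!r}: prefix {prefix}, seen {hits} times in sample corpus")
    # For a real check: hits = pwned_count(pw, fetch_range(split_sha1(pw)[0]))
```

To run it for real, swap `SAMPLE_RANGE_RESPONSE` for `fetch_range(prefix)`; the password and its full hash still stay local, which is what makes this safe to use on a password you suspect belongs to someone else in your household.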

  • Guadin@k.fe.derate.me · 13 points · 7 months ago

    Does your girlfriend use your devices or accounts? It seems very strange to me that they would do that. Or they want to fuck you over even more by making it less easy to deny that you created that account, since the password is linked to you/your girlfriend. But then again, LE would need to be made aware of the password before that makes sense.

    • jeremyparker@programming.dev · 26 points · 7 months ago

      I dated a girl named Password for a while. She was a lot older than me, she was born in the year 1234.

      Anyway, @op, the exact same thing happened to me. I gotta get smarter about opsec.