pendell

Current Hyperfixation: Wizard of Oz

  • He/Him

I use outdated technology just for fun, listen to crappy music, and watch a lot of horror movies. Expect posts about These Things. I talk a lot.

Check tags like Star Trek Archive and Media Piracy to find things I share for others.



Despite it not being present in any significant data breaches, some asshole has managed to get access to one of my emails. First they tried the good ol' "I have recorded videos of you watching porn, send me $400 in Bitcoin or I show them to everyone in your contact book" which I didn't fall for, but they did show they had my actual password, so I changed that immediately.

Then they began using those credentials to try and break into my public Facebook account that I'm friends with my family on. Bad news. I figured they'd probably try to post and message scam or phishing links of some sort. Got into a brief password-changing battle that culminated in me activating 2FA for both Facebook and that email account, which seemed to get rid of the bastard at last.

Then this morning, after getting all my devices set up with that email again, I get an email notification that my old, disused Instagram vent account that I haven't touched in 3 years suddenly received a new login from Vietnam, of all places. Because it used that email and password. So I had to go and change the password on that and now I have to sit and baby it to monitor for any new suspicious logins while I hunt for the way to delete Instagram accounts, since I don't even need it anymore. And I'm reasonably concerned about the hacker trying these old credentials on other websites that I've forgotten about which might not be kind enough to email me about new logins...

So that's how my new year is starting off. What about y'all?



in reply to @pendell's post:

Some recommendations, if you don't mind them:

  1. Turn on 2FA everywhere you can, but use app 2FA not SMS.
  2. Don't reuse passwords. At all. If you can, use a password generator and a password store (but not LastPass dear god) — If you use Apple platforms, use Keychain; it's built-in, and there's a windows client.

The internet is not something that you can really reliably use without those 2 things anymore. Like, at all.

I've gotten that same scammy email, but luckily I was already following this advice so no harm. (My email domain was set up wrong so they were able to spoof it.)

Wishing you luck.

It's a tertiary email I use for signing up for services I don't entirely want having access to my primary email I use with banking and such, so at least there's a level of separation already. But it's with GMX, one of those rando email hosts with dubious security. Fortunately their 2FA implementation seems robust: once you've activated it, in order to sign into third-party email clients you have to generate one-use passwords to use in place of your regular password. GMX will only show you these one-use passwords one time at the moment you create them, and presumably doesn't store them, but allows you to later deactivate any of them at a whim. So I'm fairly happy.

I use Authy for all my 2FA where possible (some sites are stuck in the 2000s and still only offer SMS 2FA unfortunately, but my phone number is under my father's plan so hopefully a hacker wouldn't be able to use my information to sim swap that number), but I'm hesitant about password managers because I haven't found one that works seamlessly across all devices and platforms in the same way Authy does, and I'm paranoid about losing access to it or ending up in a situation where I can't access it and being locked out of an essential account because of that.

My current solution is to write down the unique passwords I'm making in a journal. They're all slightly differentiated based on what website they're for. I really should go through all my websites and do this now.