For starters, I used to live in a third-world country and have been pirating since about 8 thanks to my older bro, and to my knowledge, I never got a virus thanks to good practices and habits like vpn+ and staying only with a trusted tracker (and obviously some luck too). But I stopped when I grew older and made money. Except recently I got caught lacking. I downloaded something from a website I didn’t usually go to a while ago and apparently had a silent malware infection. I forgot to have 2FA on in my Google account and saw a login from Russia. I don’t have anything particularly sensitive saved even passwords wise in my google account but still I acted quickly by logging them out turning it on ASAP and changing my passwords. They had been doing stuff and deleting their tracks like attempting to log in somewhere and delete the email right after (I knew because my phone would get notifications and then when I clicked on them they would be gone and deleted) This has all stopped as of now.

But I noticed something weird, that they probably did not account for, and that is I had Firefox syncing my info including PW right before it happened. And I noticed that he made an account for AT&T (and saved the info) with what I presume is his very Russian or Ukranian-sounding email, or one of his hacked botnet slaves but his password was literally my GF’s name and year of birth. there is no evidence of my gf anywhere besides me emailing her 2 memes when her phone was broken, but even then her email is only her name and not her YOB (if he did go to my sent tho, he would see her right away as i only have sent like 12 emails from that account which would make more sense). This password was not in the google pw manager which tells me he deleted it from there but FF synced it. I tried logging in with those credentials to the ATT website and an account indeed exists, with a $245 payment due with no payment method added. I couldn’t see anymore without verifying through text, and the options all looked like random foreign numbers. Has anyone had anything like this happen to them? Why would they go out of their way to do that instead of generating a randomized password? I am willing to share the email address.

Upon closer inspection, the password was created on April 14th and used on May 21 which means it was actually before I got that malware. Another likely scenario is my info was part of a leak. Thoughts?

    • jeremyparker@programming.dev
      link
      fedilink
      English
      arrow-up
      26
      ·
      6 months ago

      I dated a girl named Password for a while. She was a lot older than me, she was born in the year 1234.

      Anyway, @op the exact same thing happened to me. I gotta get smarter about opsec.

      • kambusha
        link
        fedilink
        English
        arrow-up
        3
        ·
        6 months ago

        Reminds me, back in 2002, when I met Hunter.