So few weeks back got a facebook notification that due to security concerns they were locking my account and I needed to do reset password to unlock it. We were in LA for the week so I assumed it had something to do with the system seeing me in multiple locations at once and didn't think much of it. I didn't click on any links but went through the facebook app to do the reset.
I reset my password and then a few days later it happened again, but this time while I was trying to reset it someone was actively locking me out of it (changing email, removing phone). This was an old facebook account I don't use often, so losing it wasn't of that much importance to me -- I reported it hacked and that was that.
About 4am I received multiple notifications from both my Bitcoin wallet and Paypal about 2FA code requests. So determined at this point this was obviously a much larger issue than facebook. The 2FA kept anything from being compromised. I immediately changed all my passwords (which were all different for different sites -- not a common pw) and uninstalled LastPass (since I knew of the breach) and setup 2FA on everything.
Now worth mentioning as said before I use different passwords for different sites -- and these sites often had different emails associated with them as well. So did not seem like any kind of attack where they had my email and was just trying one password on tons of sites.
So since the switch (to now 1password) and changing of passwords again + 2FA, I've been cautious but had not seen any signs of anything else amiss. But tonight I received an email from Slack saying the following:
We recently became aware that the cookie for the following account(s) was discovered on a suspicious server operated by an unknown actor. This is likely the result of malware installed on a computer you used to log in to Slack.
myslackusername and a slack channel I frequent (ie. this isn't Spam).
It's telling me they've invalidated the cookie and I will need to log back into Slack.
Now, I've run Malware Bytes and Bitdefender on my main desktop PC -- both come up clean. I'm running it on my laptop now but assume I'll find the same. Is there a similar app I can use on my phone (the only other thing I've ever connected to Slack with)?
Any other advice?
I reset my password and then a few days later it happened again, but this time while I was trying to reset it someone was actively locking me out of it (changing email, removing phone). This was an old facebook account I don't use often, so losing it wasn't of that much importance to me -- I reported it hacked and that was that.
About 4am I received multiple notifications from both my Bitcoin wallet and Paypal about 2FA code requests. So determined at this point this was obviously a much larger issue than facebook. The 2FA kept anything from being compromised. I immediately changed all my passwords (which were all different for different sites -- not a common pw) and uninstalled LastPass (since I knew of the breach) and setup 2FA on everything.
Now worth mentioning as said before I use different passwords for different sites -- and these sites often had different emails associated with them as well. So did not seem like any kind of attack where they had my email and was just trying one password on tons of sites.
So since the switch (to now 1password) and changing of passwords again + 2FA, I've been cautious but had not seen any signs of anything else amiss. But tonight I received an email from Slack saying the following:
We recently became aware that the cookie for the following account(s) was discovered on a suspicious server operated by an unknown actor. This is likely the result of malware installed on a computer you used to log in to Slack.
myslackusername and a slack channel I frequent (ie. this isn't Spam).
It's telling me they've invalidated the cookie and I will need to log back into Slack.
Now, I've run Malware Bytes and Bitdefender on my main desktop PC -- both come up clean. I'm running it on my laptop now but assume I'll find the same. Is there a similar app I can use on my phone (the only other thing I've ever connected to Slack with)?
Any other advice?