cancel
Showing results for 
Search instead for 
Did you mean: 

My account was hacked

pjmac177
Great Citizen / Super Citoyen

Just for the benefit of others, I am passing along the experience I had over the last couple of days in the event you run across the same thing.

 

My episode began when I could not get phone or text service, although internet was ok.  I began searching for the cause with the much appreciated help of members of this forum.  I finally determined that the SIM card needed to be replaced and I did so--that is when the fun started.  I could not add the new SIM because the SIM # on my account was NOT the SIM # in the phone!!  Then I tried to change my password, and could not do that.  I could be wrong, but that presented to me a hacked account.  

 

I sent two messages to the Mods, but never received a response.  I kept trying over the course of the day to change my SIM card #, and could not.  Suddenly, I was able to change it, along with the password, and all was fine.

 

I am assuming the Mods did something to the account to allow the change, but, if so, they did not advise me (and still haven't hours later).

 

So....if you lose service for no apparent reason, consider checking the SIM  # on your account to see if it matches the SIM # on the card in your phone.

 

Thanks again to all those who responded to my messages with very helpful advice.  If the Mods are alive, I'd like to know if you did something.

 

Regards

14 REPLIES 14

gurmad
Great Neighbour / Super Voisin

rtet

gurmad
Great Neighbour / Super Voisin

try

 


@oneworld wrote:

I think its important to understand why to never use the same password twice (I'm not saying anyone here did that), it must be "unique" as mentioned in the linked article above. Because once they have access to the email account through a compromised password, they will methodically try that same exact password on every single account they see in the inbox/sent emails e.g. google pay, apple pay, PM etc.. and this is not even to mention the resetting of accounts that they see and can then start trying. So to begin with, in some cases, it may not be targetted, they don't even need to know your name or number just a password and the associated username/address. In addition to having unique passwords, deleting emails regularly might be helpful too if we want to be proactive. Also google the words "have i been pwned" to check on email address compromises. https://haveibeenpwned.com/

No need to to report back here @pjmac177 with any further info - probalby best not to reveal stuff, just very sorry that this happened and just trying to shed some possible light for you and/or others.

 

Why would someone want to give the email address to them?  It would be more credible if they weren't asking for money and donations.

@pjmac177Once your 2FA app has been setup (I like Authy because it offers the option of backup vs Google Authenticator).. remember to turn off the option to use your phone # as an authentication tool!

Anonymous
Not applicable

@oneworld wrote:

I think its important to understand why to never use the same password twice (I'm not saying anyone here did that), it must be "unique" as mentioned in the linked article above. Because once they have access to the email account through a comprimised password, they will methodically try that same exact password on every single account they see in the inbox/sent emails e.g. google pay, apple pay, PM etc.. and this is not even to mention the resetting of accounts that they see and can then start trying. So to begin with, in some cases, it may not be targetted, they don't even need to know your name or number just a password and the associated username/address. In addition to having unique passwords, deleting emails regularly might be helpful too if we want to be proactive. Also google the words "have i been pwned" to check on email address comprimises. https://haveibeenpwned.com/

No need to to report back here @pjmac177 with any further info - probalby best not to reveal stuff, just very sorry that this happened and just trying to shed some possible light for you and/or others.

 

And give THEM my email addresses!? I think not.

Uh yeah can I give you my name, address, SIN and birthdate so you can tell me if I've been compromised? yeah...not gonna happen.

oneworld
Good Citizen / Bon Citoyen

I think its important to understand why to never use the same password twice (I'm not saying anyone here did that), it must be "unique" as mentioned in the linked article above. Because once they have access to the email account through a compromised password, they will methodically try that same exact password on every single account they see in the inbox/sent emails e.g. google pay, apple pay, PM etc.. and this is not even to mention the resetting of accounts that they see and can then start trying. So to begin with, in some cases, it may not be targetted, they don't even need to know your name or number just a password and the associated username/address. In addition to having unique passwords, deleting emails regularly might be helpful too if we want to be proactive. Also google the words "have i been pwned" to check on email address compromises. https://haveibeenpwned.com/

No need to to report back here @pjmac177 with any further info - probalby best not to reveal stuff, just very sorry that this happened and just trying to shed some possible light for you and/or others.

 

pjmac177
Great Citizen / Super Citoyen

Yes, I am goint to go with the 2FA app.  Didn't know this existed until I was hacked.  Guess there are lots in that same boat.

 

Just changed my phone number.  Changing was easy.  Not sure what other problems it will cause.

 

Thanks again for advice.

@LovesToPMNone of your practices can really prevent what had happened. Someone know who pjmac177 is in real life (at least name, phone number at the minimal) and had proceeded to go out get a new phone card probably prepaid, port out his number and take over his life. These things are preplanned and methodical. There had been huge data leaks by Canadian corporations in the past eg Bell, Home depot etc.. The best way to defend is to get a credit monitor and enable 2FA via apps / tokens if possible.. avoid using phone number as authenticator

LovesToPM
Mayor / Maire

@pjmac177 Thanks for sharing your experience. Luckily you have re-established access to your account(s).

 

Once a hacker has access to your email and your phone, they can do considerable damage.
If this is the case, you likely have a security issue at hand.

Unauthorized charges in the past related to online accounts may also be a red flag.

 

As a friendly reminder, here are some general practices to follow to keep your accounts safe.
Top 10 Internet Safety Rules & What Not to Do Online

 

There might be more suggestions such as:
- Use VPN service if you use public wifi.
- Restrict your account logins to one device, which is used only for business purposes.
- Register for a new email adress if your old one was compromised.

pjmac177
Great Citizen / Super Citoyen

@GinYVR wrote:

 

 

Also if you have time do file a report at Canadian Anti Fraud Centre (online), and file a police report.. these things are hard to catch but if the police has data points and you have time.. it helps a lot.


Thanks.  I will do that.  As you say, every little bit helps

@pjmac177yes it is hard to trace.. also in the future use a software authenticator eg Google's Authenticator or Authy instead of the phone option. They receive a key based on the QR code the website initially generate eg Gmail. The key and the time create a 6 digit code, changes every minute. That way, even if phone has been ported against your will, the hackers would have trouble accessing your accounts which is protected with a software based 2FA. I know not all accounts eg banks allow that, but do it for accounts (emails) that offers that option. Make your email hard to access by outsiders is always a good start.

 

Also if you have time do file a report at Canadian Anti Fraud Centre (online), and file a police report.. these things are hard to catch but if the police has data points and you have time.. it helps a lot.

pjmac177
Great Citizen / Super Citoyen

You are right.  I started changing passwords and even my email address yesterday.  It is a lengthy process, and with everything linked to everything (i.e cell # , other email addresses, etc), it is almost impossible to determine where the hack came from.  Fortunately, some sites notify you whenever something happens on the account so you can address it early.  Had several unauthorized charges from Uber on Paypal before I could cancel credit card.

 

Anyway, appreciate the help from you volunteers on this site and I hope I can pay it forward a bit over time.

GinYVR
Mayor / Maire

Hi @pjmac177 You should definitely ask because if it indeed had been unauthorized by you, that have huge implications to the safety of your accounts that is associated with the phone eg banking. Honestly I doubt Public Mobile will acknowledge they got hacked, that's just not modus operandi for large corporations to admit liability.. As a precauction you should change all your passwords to more secure ones, or use a password manager like lastpass.com or remembear.

 

 

dabr
Mayor / Maire

@pjmac177 wrote:

Just for the benefit of others, I am passing along the experience I had over the last couple of days in the event you run across the same thing.

 

My episode began when I could not get phone or text service, although internet was ok.  I began searching for the cause with the much appreciated help of members of this forum.  I finally determined that the SIM card needed to be replaced and I did so--that is when the fun started.  I could not add the new SIM because the SIM # on my account was NOT the SIM # in the phone!!  Then I tried to change my password, and could not do that.  I could be wrong, but that presented to me a hacked account.  

 

I sent two messages to the Mods, but never received a response.  I kept trying over the course of the day to change my SIM card #, and could not.  Suddenly, I was able to change it, along with the password, and all was fine.

 

I am assuming the Mods did something to the account to allow the change, but, if so, they did not advise me (and still haven't hours later).

 

So....if you lose service for no apparent reason, consider checking the SIM  # on your account to see if it matches the SIM # on the card in your phone.

 

Thanks again to all those who responded to my messages with very helpful advice.  If the Mods are alive, I'd like to know if you did something.

 

Regards


That must have been an awfully frustrating experience, but I don't understand why the mods haven't responded back to your messages, if they did something to make your account right again you are entiltled to know.  I would message them again and ask for an explanation and also what you (and rest of us) can do to prevent this from happening in the future, if possible.  Thanks for sharing what happened.

Need Help? Let's chat.