1. #1

    Making sure I'm secure

    So after using some kind of VPN program by the name of "Hotspot Shield" a few days ago, both of my Google accounts got suspicious logins from Pakistan, and today I was notified that my eBay account had a suspicious login as well.

    I went ahead and changed both of the Google passwords and set up the "two-step" security on them; changed my eBay password and the password of the Hotmail account attached to it.

    Neither my PayPal nor bank account had any signs of suspicious logins, but I changed their passwords too. (Hell, even if someone got my bank account's online password, they'd still need my PIN and secret question answers :P)

    Also ran a full Kaspersky scan, which came back clean. No keyloggers, no viruses, nothing.

    Anything else I should do? Just wanting to make sure because I'm a bit paranoid now.

  2. #2
    Deleted
    Sounds like a keylogger, you might want to try several different antiviruses and Malwarebytes Anti Malware and see if they catch something. Some new keyloggers don't show up in security programs.

  3. #3
    Originally posted by samthing:
    Sounds like a keylogger, you might want to try several different antiviruses and Malwarebytes Anti Malware and see if they catch something. Some new keyloggers don't show up in security programs.
    I don't think it was; I never entered the password to either of my Google accounts (because I'm already logged into them all the time), and I haven't used eBay in months.

  4. #4
    Cyanotical
    well, if you were using the VPN, it's possible the connection was not truly secure, especially if you were using it at a public location, there are tools out there that strip security at the gateway and make you think they are secure, but in reality force you to use non-https connections (sslstrip)

    it's also certainly possible that someone has exploited Heartbleed and either extracted your usernames and passwords from the VPN server, (all RU-VPN servers act as a proxy as well) or from the actual login servers

    another possibility is that someone has lifted the usernames and passwords from your browser, or android device

    that's not assuming your computer itself is compromised, there are literally hundreds of possibilities, if you have the wifi turned on, i can simply walk by you and get at a minimum where you live, where you travel, where you work, what hotels you stay in, what airlines you travel, if i stand by you for a few minutes, i can get cookies from your phone checking email and asking for app status updates

    the annoying part is that i don't actually have to be near you, i can leave a dropship device, like a wifi pineapple, pwn plug, or pwn phone, or even a simple modified android phone, and hack your accounts remotely, that's actually what hotspot shield tries to protect against



    you did the correct thing in changing passwords and adding 2 factor auth

  5. #5
    Yeah I'm pretty (99%) sure it was the "Hotspot Shield" VPN program that I used, even though I used it for all of 15-20 minutes. Shortly after I shut it off, both of my Google accounts got suspicious logins from an IP address in Pakistan, so I promptly deleted the fuck out of that program and set off to change my passwords.

    My computer is currently on a secure college network (uses this convoluted registration system that completely locks out any network access until you register the computer with a valid student login) so I don't think it was any sort of packet sniffing or Heartbleed or anything. Pretty sure it was Hotspot Shield stealing my info.

    But yeah, I changed passwords and added 2-step authentication wherever I could.

  6. #6
    Cyanotical
    Originally posted by anon5123:
    Yeah I'm pretty (99%) sure it was the "Hotspot Shield" VPN program that I used, even though I used it for all of 15-20 minutes. Shortly after I shut it off, both of my Google accounts got suspicious logins from an IP address in Pakistan, so I promptly deleted the fuck out of that program and set off to change my passwords.

    My computer is currently on a secure college network (uses this convoluted registration system that completely locks out any network access until you register the computer with a valid student login) so I don't think it was any sort of packet sniffing or Heartbleed or anything. Pretty sure it was Hotspot Shield stealing my info.

    But yeah, I changed passwords and added 2-step authentication wherever I could.
    well it depends, assuming the issue is with hotspot shield:

    the simple Occam's Razor:
    the VPN server you connected to is in Pakistan, which would make perfect sense, the suspicious logins were you logging in from Pakistan

    the compromise:
    Hotspot shield is compromised, this would be bad, because HSS is a fairly common and widely popular VPN service

    Malicious Service:
    HSS could in fact be malicious, on top of charging you for service, they MiTM you as well, while unlikely, it's not out of the question, top android apps have been found to be malware, just because it's popular, doesn't mean it's safe or secure

  7. #7
    I can't think of any other cause for this. I haven't had any suspicious logins to any of my accounts...ever, as far as I can remember. But right after I start using this "Hotspot Shield" program, I immediately start getting suspicious logins to my Google accounts and my eBay account. So I'm pretty much completely sure that it was something with Hotspot Shield.

    the VPN server you connected to is in Pakistan, which would make perfect sense, the suspicious logins were you logging in from Pakistan
    But the thing is, I didn't log into my eBay account, yet my eBay account received a suspicious login. So that mostly rules out the "vpn server in Pakistan" thing. I didn't directly log into either of my Google accounts either, unless having Chrome open with its settings-connectivity counts as logging in. In which case, only one of my Google accounts was logged in, not both.

    Furthermore, this is the info Google gave me on the suspicious logins:



    For a completely free VPN service, I would not doubt at all that it either sells your info to 3rd parties, or has backdoors installed into it.
    Last edited by anon5123; 2014-04-27 at 07:59 PM.
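
The question posts #6 and #7 argue over (were the flagged logins just the user's own traffic leaving through the VPN exit?) can be checked mechanically. The following is an added example, not code from any poster: the session times, exit range, account labels and the names `triage` and `triage_all` are all constructed for illustration.

```python
from datetime import datetime, timedelta
from ipaddress import ip_address, ip_network

SKEW = timedelta(minutes=2)  # tolerance for clock differences between logs

# Constructed data, not from the thread. Addresses are documentation ranges.
SESSIONS = [{"start": datetime(2014, 4, 24, 20, 0),
             "end": datetime(2014, 4, 24, 20, 20),
             "exit_net": ip_network("203.0.113.0/24")}]
ACCOUNTS_USED = {"google-1"}  # accounts the user actually touched while connected
ALERTS = [
    {"account": "google-1", "time": datetime(2014, 4, 24, 20, 5), "ip": "203.0.113.17"},
    {"account": "google-2", "time": datetime(2014, 4, 24, 20, 31), "ip": "203.0.113.17"},
    {"account": "ebay", "time": datetime(2014, 4, 24, 20, 10), "ip": "203.0.113.40"},
    {"account": "hotmail", "time": datetime(2014, 4, 24, 21, 0), "ip": "198.51.100.9"},
]

def triage(alert, sessions, accounts_used):
    """Classify one login alert against the user's own VPN sessions."""
    ip = ip_address(alert["ip"])
    matching = [s for s in sessions if ip in s["exit_net"]]
    if not matching:
        return "other-source"   # the VPN exit does not explain this login at all
    in_window = any(s["start"] - SKEW <= alert["time"] <= s["end"] + SKEW
                    for s in matching)
    if in_window and alert["account"] in accounts_used:
        return "explained"      # the user's own traffic leaving via the VPN exit
    return "vpn-path"           # exit network reached the account without the user

def triage_all(alerts=ALERTS, sessions=SESSIONS, accounts_used=ACCOUNTS_USED):
    """Return {account: verdict} for every alert."""
    return {a["account"]: triage(a, sessions, accounts_used) for a in alerts}

if __name__ == "__main__":
    for account, verdict in triage_all().items():
        print(f"{account:10} {verdict}")
```

Any alert that comes back as `vpn-path` or `other-source` is a login the "it was just you, seen from the VPN exit" explanation cannot cover, and is the one to follow up with the provider's session list and a forced sign-out.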

  8. #8
    Get rid of it and use a different vpn. Doing a deep virus/malware scan would be in your best interest too.

  9. #9
    Originally posted by lloose:
    Get rid of it and use a different vpn. Doing a deep virus/malware scan would be in your best interest too.
    Yeah, I got rid of it after less than 20 minutes of using it and getting suspicious logins to my Google account.

    Did a full scan with Kaspersky (pretty much scans every single possible file on every single drive attached to the computer) and it came back clean.
