Hacked twice in the last month

CardsFan

About a month ago our Sam's Club account was hacked. Apparently got in with the username and password (found out both are on the dark web and am currently changing passwords).

Odd thing was, they did not use the CC's on file, but uploaded 2 more and used them. We got notified that our order would be ready for pick-up, 1200 miles away from us. Got online and changed the password (why they did not do that eludes me).

This week our Walmart account got hit (yeah same username and password, should have changed that the first time). This time they did try to use the CC's on file.

Fortunately, Capital One caught it, with both cards, and we are getting new cards. Again, the hacker did not change the password, so I could change it.

Kudos to Capital One. I have found their fraud alert system to be top notch.

Still don't understand the first hacker using other credit cards. Maybe it was a test run to see if they worked?
 
I have found that BOA has done a great job with anti-hacking monitoring for us.
 

Fortunately, Capital One caught it, with both cards, and we are getting new cards. Again, the hacker did not change the password, so I could change it.

Kudos to Capital One. I have found their fraud alert system to be top notch.
I haven't been hacked in a number of years but I'd agree Capital One's "systems, people and responses" seem to be better than most.
 
Moral of the story - use a password manager and different, strong passwords everywhere.
 
So did you use their CC's to buy anything?
 
Moral of the story - use a password manager and different, strong passwords everywhere.
Actually, no. OP's uid and pwd were for sale on the dark web. A password manager and strong password would not have made any difference. In fact, few exploits begin with an exhaustive password cracking attempt, the only thing that "strong" passwords are good for.

The moral is probably to use different passwords for each site and to change them periodically. One of these days, too, a few of the password managers will be hacked, giving the hackers a candy store full of known good passwords. Personally, I do not have any critical (financial, etc.) passwords stored anywhere. Not in the browser, not in a password manager. I also limit my risk by never accessing a critical site from my tablet or my phone, either directly or via an app.
 
Moral of the story - use a password manager and different, strong passwords everywhere.

+1
A password manager makes it easy to use long complex different passwords and different usernames (if not email) for every site.

Maybe there is a keylogger installed on OP's computer?
 
Chase locked us out of our online access sometime last night. Had to call the fraud dept. Said either user name or password were compromised so I have no problem with that.

Three hours and six hang-ups later this morning I finally get to talk to someone in tech support. Seven or so minutes to have access again.

But every time I would be "transferred" to tech support, in 15-20 minutes the line would go dead. Supposed direct phone number for tech support puts you in the same queue as the fraud number.

So Tech Support I give an A+ but Customer Service gets a big fat F-!
 
Actually, no. OP's uid and pwd were for sale on the dark web. A password manager and strong password would not have made any difference. In fact, few exploits begin with an exhaustive password cracking attempt, the only thing that "strong" passwords are good for.

The moral is probably to use different passwords for each site and to change them periodically. One of these days, too, a few of the password managers will be hacked, giving the hackers a candy store full of known good passwords. Personally, I do not have any critical (financial, etc.) passwords stored anywhere. Not in the browser, not in a password manager. I also limit my risk by never accessing a critical site from my tablet or my phone, either directly or via an app.

My pwd manager warns me of known compromised IDs.
Any pwd manager makes it easier to change passwords (no need to remember which one is being used after a change).
 
Chase locked us out of our online access sometime last night. Had to call the fraud dept. Said either user name or password were compromised so I have no problem with that.

Three hours and six hang-ups later this morning I finally get to talk to someone in tech support. Seven or so minutes to have access again.

But every time I would be "transferred" to tech support, in 15-20 minutes the line would go dead. Supposed direct phone number for tech support puts you in the same queue as the fraud number.

So Tech Support I give an A+ but Customer Service gets a big fat F-!

OP here.

Not like that with Capital One, at least in our experience. We both called about the same time, no wait, and we were done with 5-10 minutes. New cards on the way. They did ask if 5-7 business days was OK (standard mail). We have other cards so we said OK. Not sure if they would have charged for overnight.
 
OP here.

Not like that with Capital One, at least in our experience. We both called about the same time, no wait, and we were done with 5-10 minutes. New cards on the way. They did ask if 5-7 business days was OK (standard mail). We have other cards so we said OK. Not sure if they would have charged for overnight.


I agree. Have a Cap One account as well and few times I called got right through with no issues.

Once I had online access, I sent a message to Chase through my account and asked for the address to send my invoice to. Told them they owe me $450 for three hours of my time. :LOL:
 
So did you use their CC's to buy anything?

:LOL::LOL:

I am still confused why they would use someone else's CC on the Sam's Club hack. Since our cards were not used, there was no notification from the CC company. I just happened to see the email from Sam's saying the order was received. I then logged in, changed the password, and cancelled the order.

The order was also being shipped to our name and address. Weird.
 
Moral of the story - use a password manager and different, strong passwords everywhere.
Right. It sounds like the OP used the same user name password combo for a lot of stuff. I used to do the same. It just was easier to use my "usual credentials" on all the sites. Seems quite crazy now, but that's what I was doing. So usual credentials in one site that gets compromised, probably from a 'low value' site, and they can start trying those same credentials in 'high value' sites.

Random, different passwords everywhere is the only way to go. And that means using a password manager. It's now the way of things. I know one password, and that's the one to my password manager. The rest of the passwords are gibberish that I absolutely have no clue about.
 
Right. It sounds like the OP used the same user name password combo for a lot of stuff. I used to do the same. It just was easier to use my "usual credentials" on all the sites. Seems quite crazy now, but that's what I was doing. So usual credentials in one site that gets compromised, probably from a 'low value' site, and they can start trying those same credentials in 'high value' sites.

Random, different passwords everywhere is the only way to go. And that means using a password manager. It's now the way of things. I know one password, and that's the one to my password manager. The rest of the passwords are gibberish that I absolutely have no clue about.

OP here, and you are correct. I have never used a password manager, but am willing to learn. Can it be used on multiple devices?

While we primarily use the laptop, we access some sites via cell. Can it work with both?

Though, as Oldshooter pointed out, our credentials were on the Dark Web. Maybe someone crunched the password the old fashioned way and sold it, or maybe it was found in one of the hundreds of data breaches.
 
Maybe someone crunched the password the old fashioned way and sold it, or maybe it was found in one of the hundreds of data breaches.
Probably will never know.

Password managers are pretty easy to get going. The big "value add" of most password managers is that yes, they share across devices (except LastPass free doesn't any more). Dashlane free does, but has a limit to the number of passwords on the free version. On the free and open source model, there's "KeePassXC", which is my choice, now that LastPass started charging way too much for a poor product (poor product is ok for free, but not good to overpay for).

Basically, you load the software of choice on all your devices and you have one very long, non-guessable password that unlocks the "vault". The plug-in or app will help you populate passwords everywhere you go. And it will generate random passwords for you.

Once you get your password manager set-up, it will ask you if you'd like to save the password when it sees you logging into each web site that you deal with. You say yes. Then you immediately use the web site's "change password" function. You use the password manager's generate random password feature. It should ask you if you want to replace your SOP with the random new password. Rinse and repeat.
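
Added example (not part of any post in this thread): a Python sketch of the audit the replies describe, flagging passwords reused across sites, checking each against a breach list, and generating random replacements. The vault entries, the breach corpus and the `lookup` function are constructed stand-ins; the lookup follows the k-anonymity range model used by services such as Have I Been Pwned's Pwned Passwords, where only the first five hex characters of the SHA-1 digest leave the client.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault entries (site, password); not real credentials.
VAULT = [
    ("shop-a.example", "Cardinals2014!"),
    ("shop-b.example", "Cardinals2014!"),   # same "usual" password reused
    ("bank.example", "x7#Lq9vT2m!fRz0p"),
]

def sha1_hex(password):
    return hashlib.sha1(password.encode("utf-8")).hexdigest().upper()

# Constructed breach corpus: SHA-1 digest -> times seen in breaches.
BREACHED = {sha1_hex("Cardinals2014!"): 3}

def lookup(prefix):
    """Offline stand-in for a range query: the caller sends only the first
    5 hex chars of the digest and gets back 'SUFFIX:COUNT' lines."""
    return "\n".join(f"{h[5:]}:{n}" for h, n in BREACHED.items()
                     if h.startswith(prefix))

def breach_count(password, range_lookup=lookup):
    digest = sha1_hex(password)
    for line in range_lookup(digest[:5]).splitlines():
        suffix, _, count = line.partition(":")
        if suffix == digest[5:]:          # the match is done locally
            return int(count)
    return 0

def reused_groups(vault):
    """Sites that share one password: a breach at any of them exposes all."""
    sites_by_digest = defaultdict(list)
    for site, password in vault:
        sites_by_digest[sha1_hex(password)].append(site)
    return [sites for sites in sites_by_digest.values() if len(sites) > 1]

def generate_password(length=20):
    alphabet = string.ascii_letters + string.digits + "!#$%&*+-=?@_"
    return "".join(secrets.choice(alphabet) for _ in range(length))

def audit(vault):
    reused = {site for group in reused_groups(vault) for site in group}
    return {site: [tag for tag, hit in (("reused", site in reused),
                                        ("breached", breach_count(pw) > 0)) if hit]
            for site, pw in vault}

if __name__ == "__main__":
    for site, issues in audit(VAULT).items():
        print(site, issues or "ok", generate_password() if issues else "")
```

Any site tagged `reused` or `breached` is a candidate for the change-password routine described in the last post, with a freshly generated password per site.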
 