Can Google Authenticator be hacked?
Hello everyone.
I am having an issue with a well-known provider; they claim that my account was hacked and someone purchased a server.
- I was using a strong password.
- I was using Google Authenticator.
- The authenticator was not installed on my phone on the date the account was hacked.
Please advise, as a good drama is on the way.
Thank you guys.
Comments
If someone holds your secret key or a recovery code, then yes, it can be hacked/cracked.
Edit: Scan for trojans / keyloggers, RATs, anything.
Never installed on the PC. Codes never copied. I have been using Malwarebytes for years and am not a por* guy.
I get what you're saying, but still, it can happen. For all you know, you have a third party trusted CA certificate sitting right in your Windows, waiting to accept all malicious self-signed certificates.
The alternative is that someone dumped your Google Authenticator secret code from the host's database (it's stored in plaintext) and modified your password / email while they were at it. But that'd imply someone took the effort of breaking into a database only to get into your account, which is highly plausible.
Everything can be hacked, even your fridge on your WiFi.
Make sure to check that you have no keylogger on your device.
Theoretically you should be safe with 2FA on a second device, but both of your devices could be infested.
Did you get a password reset or something like that? Someone could try to get access via social engineering.
I would ask the provider for proof of when, where and from which location the order was deployed.
Password is still the same. Btw, the hacker ordered the cheapest server, and a Windows license.
Then it is even more likely this is caused on your side. Sorry.
Nothing changed! I didn't get an invoice or a confirmation when the server was ordered. All I got is an email that the server was delivered. This is really strange. There is no hacker that will hack an account with 2FA and order a cheap server lol. I am waiting for a reply from the CEO and will open a thread with the drama.
Means?
It's highly likely this is on your end and not theirs. Please do scan for Trojans and such.
If you did not get any invoice, it's likely that the provider directly assigned the server to your account. I had this once, when I asked for a server.
The invoice came later, manually generated; I guess as a provider you are flexible and can skip this step.
Sounds like they force you to pay for assigned servers, haha.
Seems to work for them.
Ask them for proof that you ordered it; otherwise they can fuck off.
A contract usually needs two sides; if just one side gives you the server, you can deny it.
There is a log that a UK IP was logged and ordered. The first reply of the supporter was: You ordered a server and Windows is already installed (means no refund if you install the server haha). Let's see how this ends.
My PC was switched off when the order was processed. Nothing to do with trojans.
Wow. You clearly don't understand how these work.
Yes, yes I do know.
No information was saved on the PC regarding the provider, as the PC was formatted a month before, and my last login to the provider was, I think, 3 months ago or so.
It's still possible that the attacker stole your credentials 3 months ago. This still doesn't answer how they might get access to your Google Authenticator.
Or the hacker exploited a bug with the provider that skips 2FA somehow.
There are many layers that can be hijacked.
But what about my strong password? How can he hack my password + 2FA and order a cheap server?
Possible answers without knowing the full stories are already given by others. We can't conclude something we only know little about, can we?
As @jetchirag said, we don't know the full story. If it's a bug in the software then your password might not matter. This is something only they can investigate.
I'm assuming you have stored this strong password somewhere? A password manager or a .txt file that sits on your desktop?
A better question would be: is this a reputable provider? It's always good to look at both sides.
No chance. I am also using different passwords on all websites, e.g. domain first letter + password + domain last letter, e.g. LpassComesHere!"§K
Yes, with a really good reputation. The issue is fixed now (I will not be charged for the services ordered by the "good hacker") so I will not make it public.
I'm really sorry, but if there's a pattern like that to all your passwords then this is not considered a strong password at all imo, unless "passComesHere" is also dynamic, at least 12 characters long and a mix of letters, numbers and special characters.
A strong password would be something along the lines of "j&(){\uqz<"}aB4xrtQk=5(V39nG]t57".
There is no need for a password for someone to log in to your account. If the "well known" provider has an XSS vulnerability, or you have been infected by a virus that takes your session cookies, yeah... the hacker is logged into your account by default without needing to know your password/2FA.
Actually no. "All lowercase letters" are good enough.
A 12-character mix of letters, numbers and punctuation means there is a character set of 80, which is 6.32 bits per character (log2(80) = 6.32). A total of 76 bits.
All lowercase letters means 4.7 bits per character (log2(26) = 4.7). For a total of 76 bits of security, you just need about 16 characters.
So, 16 lowercase letters = a 12-character complex mixed-punctuation password.
You won't believe this math but it's true and that's how you calculate brute-force security. Just make sure you don't use dictionary words.
JYw;2Z(,S7J^ = rufwgbzuxriftdxb
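The arithmetic in the post above, carried through as code so the length-versus-alphabet trade-off can be checked for any character set and any target, plus a generator that actually satisfies the uniform-random assumption the entropy figure depends on. This is an added example, not code from the thread; the 80-symbol set is constructed to match the post's assumed size, and the guess rate in `years_to_exhaust` is an illustrative parameter, not a measurement.

```python
import math
import secrets
import string

LOWERCASE = string.ascii_lowercase                              # 26 symbols
# Constructed 80-symbol set (letters + digits + 18 punctuation marks) to match the
# post's "character set of 80"; string.punctuation alone would give 94.
MIXED_80 = string.ascii_letters + string.digits + "!@#$%^&*()-_=+[]{}"


def bits_per_symbol(alphabet_size: int) -> float:
    return math.log2(alphabet_size)


def entropy_bits(length: int, alphabet_size: int) -> float:
    # Valid only when every symbol is chosen uniformly at random; a site-derived
    # pattern around a fixed core (first letter + core + last letter) does not qualify.
    return length * bits_per_symbol(alphabet_size)


def equivalent_length(length: int, from_size: int, to_size: int) -> float:
    # Length in an alphabet of `to_size` symbols with the same entropy as
    # `length` symbols drawn from `from_size`: the post's 12 mixed -> ~16 lowercase.
    return entropy_bits(length, from_size) / bits_per_symbol(to_size)


def per_site_variation_bits(varying_symbols: int, alphabet_size: int = 26) -> float:
    # How much actually differs between sites in the "first letter + core + last
    # letter" scheme: only the varying symbols count once the core is known.
    return entropy_bits(varying_symbols, alphabet_size)


def years_to_exhaust(bits: float, guesses_per_second: float) -> float:
    # Time to try the whole space offline at a given rate (illustrative parameter).
    return 2 ** bits / guesses_per_second / (365.25 * 24 * 3600)


def generate(length: int, alphabet: str) -> str:
    # secrets (CSPRNG) rather than random, so the uniform-choice assumption holds.
    return "".join(secrets.choice(alphabet) for _ in range(length))
```

Passphrases of dictionary words are a separate calculation (bits per word from the word-list size), which is why the post's closing caveat about dictionary words matters.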
No invoice and not charged? But got a server?
What if it's the provider that got hacked? Need more drama here.
I will pass this time as the other supporter handled the situation.
Maybe you were really drunk that one night when you ordered.
Even the most rudimentary keyloggers can nab you. They're usually accompanied by a RAT/trojan/etc.
You're not immune. I have MB Pro and still I only use it on the side.