
So recently I've been getting emails that X account has been accessed from Y country with an IP address that I obviously don't own. An example would be my Steam account which recently got accessed from India (but got foiled, hooray 2FA).

The problem is that I have no idea where the breach is coming from and how it's happening. My system is clean as far as I know, my network is more secure than a regular home network, I'm the only one using said network, I'm not using any caching/proxy/VPN servers, and I definitely have never been to India/Iran/Taiwan/etc.

The other problem is that I know someone definitely has a copy of my plaintext password(s) since, from the example above, Steam Guard only kicks in when the correct password is entered.

Changing passwords for all my accounts is out of the question since I have over 300 accounts spread across the web (which I think is where the breach originated). My key accounts (email, social media, finance) are all protected by 2FA.

As a sysadmin admin-ing my own stuff, what measures should I take aside from the usual tips about breached accounts where the threat is unknown? (Since the usual advice assumes the threat is known, as far as my research yields.)

Related: 1 2

Aloha
  • I would assume 1 of the 300 services is compromised. – LvB Mar 18 '16 at 15:05
  • That's assuming he didn't use the same password 300 times... – Vahid Mar 18 '16 at 15:14
  • I assume you are using mostly different passwords across all those services. If not, assume the accounts are going to be compromised and used against you in ways you cannot imagine. – Alex Holst Mar 18 '16 at 15:43
  • Could always be a case of "same password but something new added to the end", which is just barely safer than reusing the same password everywhere. – WorseDoughnut Mar 18 '16 at 16:54

1 Answer

5

Are you sure that changing your 300 passwords is out of the question? Would you rather open 300 support tickets to reclaim your accounts?

You should think about setting up a password database like KeePass2 or similar in the process of changing your passwords; this will help you set a different password for each account.

The threat seems to be the person or group that got access to your plaintext password. If you have no idea how this could happen, you should not consider your system clean, and you should do a reinstallation of all your boxes.

hub
  • Indeed. I don't see how anyone could consider their system clean in this situation. – Alex Holst Mar 18 '16 at 15:50
  • Advice followed. I'm now using a fortified password manager. All passwords have been changed, and any new breaches are now contained to that specific account only. – Aloha May 16 '18 at 18:34
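The answer's advice (one unique password per account) and the comment about "same password but something new added to the end" can be checked mechanically before rotating. The following is an added example, not code from the original thread or from KeePass; it audits a constructed vault export (site, password pairs, assumed format) for exact reuse and for shared-prefix variants, then mints a fresh random password for every flagged site.

```python
import hashlib
import secrets
import string
from collections import defaultdict

# Constructed sample vault export (site, password); not real credentials.
SAMPLE_VAULT = [
    ("steam", "Hunter2!"),
    ("forum-a", "Hunter2!"),          # exact reuse of the steam password
    ("forum-b", "Hunter2!2016"),      # same password with a suffix added
    ("bank", "rK7#v9!pQz2mLw0s"),
    ("email", "correct horse battery staple"),
]


def audit_reuse(vault, min_shared_prefix=6):
    """Return (reused, variants).

    reused:   {fingerprint: [sites]} for passwords used on more than one site.
    variants: [(site_a, site_b)] pairs whose passwords differ but share a
              prefix of at least min_shared_prefix characters, the
              'same password plus something on the end' pattern.
    """
    by_fingerprint = defaultdict(list)
    for site, pw in vault:
        # Short hash so the report never echoes the plaintext.
        by_fingerprint[hashlib.sha256(pw.encode()).hexdigest()[:12]].append(site)
    reused = {fp: s for fp, s in by_fingerprint.items() if len(s) > 1}

    variants = []
    for i, (site_a, pw_a) in enumerate(vault):
        for site_b, pw_b in vault[i + 1:]:
            if pw_a == pw_b:
                continue  # already counted as exact reuse
            shorter = min(len(pw_a), len(pw_b))
            if shorter >= min_shared_prefix and pw_a[:shorter] == pw_b[:shorter]:
                variants.append((site_a, site_b))
    return reused, variants


def new_password(length=20):
    """Random password from the OS CSPRNG, as a password manager would generate."""
    alphabet = string.ascii_letters + string.digits + string.punctuation
    return "".join(secrets.choice(alphabet) for _ in range(length))


def rotate_flagged(vault):
    """Map every site implicated in reuse or a variant to a fresh unique password."""
    reused, variants = audit_reuse(vault)
    flagged = {s for sites in reused.values() for s in sites}
    flagged |= {s for pair in variants for s in pair}
    return {site: new_password() for site in sorted(flagged)}
```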