19

This is an attempt to ask a canonical question to expand upon another post with a similar name. The goal is to create something helpful that can be used as a duplicate when non-experts ask about personal credentials being stolen.

Let's say that I have determined beyond doubt that a malicious party had root access to my computer. Let's assume that the computer has since been recovered (virus free) ... but it is likely that any personal information on the box was stolen.

  • What do I do now? How do I protect myself?
  • How secure are auto-saved passwords in a browser?
  • How secure are passwords that have been saved in a password manager?
  • Do passwords really need to reset for all accounts?
  • Do all Credit Cards used with this computer need to be canceled?
  • What about archived Tax Paperwork (with SSN & Bank Info)?
  • Do friends and other contacts need to be notified to prevent them getting scammed by the attacker pretending to be me on Social Media?
  • What other attack vectors should be considered?
CaffeineAddiction
  • 1
    Attention Mods: I suspect this topic might be too broad and am open to suggestions – CaffeineAddiction Jun 09 '18 at 17:09
  • 1
    @mentallurg this is an attempt at a "canonical question" as stated at the beginning. If the community gets a lot of the same sort of question, the community can propose a single catch-all Q/A thread so that there are not numerous duplicates of the same sort of answers. – schroeder Jun 10 '18 at 10:15

4 Answers

14

How secure are my auto-saved passwords in my browser?

Terribly insecure. These passwords are trivial to retrieve.

How secure are my passwords that have been saved in a password manager?

Not very secure at all. If someone had root access to your computer, it's trivial to implement a key logger, or even a plugin to your browser to snarf them before they go out.

Do I really need to reset every password on every account I own?

Only the ones you care about. I likely wouldn't reset my password to adobe.com that I had to register to just to download Adobe Reader. But I would reset my bank and email passwords. Email is of course used to reset passwords. Turn on 2 factor authentication for your bank, email, and anything else that's important. These are all judgement calls about what you consider valuable and what's an acceptable risk. YMMV


Do I need to cancel all Credit Cards I have ever used on that computer?

Credit Cards have fraud protection built in. I myself have had at least 3 incidents where there's been fraud on my CC accounts in the past decade. I never paid a dime for these events, and they went away easily. If you want to avoid the hassle of having to go through this process it's best to cancel the cards, but this is likely the least of your concerns.


What about my archived Tax Paperwork (w/ SSN & Bank Info)?

There's little you can do about your SSN. You can change your bank account numbers relatively easily, though with some hassle. Given the threat, I'd recommend going through the hassle.


Do I need to notify my friends to prevent them getting scammed by the attacker pretending to be me on Social Media?

If you change all the passwords on social media, change all your reset questions, and change all your email passwords, it's not terribly likely someone is going to be able to impersonate you.


What other attack vectors should be considered?

Primarily identity theft. People applying for loans/credit cards/cell phone service, etc. under your name. This is a question in-and-of itself, that deserves another question entirely.

Steve Sether
2

The short answer is yes, you should do all those things.

I never let passwords auto-save in the browser because it is pretty easy to yank them out.

For LastPass it would depend on what access the attackers had. If they had a key logger you're toast. If not you might be OK. I use LastPass but I have the settings pretty locked down, it logs me out every 30 min, it only remembers my email, never auto-fills on websites, and I use 2 factor authentication. To be safe I would change your LastPass password and have it generate unique passwords for all your websites, and use 2 factor on everything that offers it.

If you are worried that your identity has been stolen I would consider changing card numbers. Also, for the future, I know that Capital One is offering a service that creates a new number for every website that is only valid with that website, so if any website gets hacked you will know right away, and won't have to change your card everywhere else. I would also put a credit lock on all the big services (Equifax, TransUnion, etc.). I do this all the time anyways just in case; it can be a pain if you happen to need a loan, but I think it's worth the work.

This is what I would do, but I'm sort of a "tin foil hat" kind of guy. Good luck.

Mik Lik
1

The first part of my answer is going to be the same as above. Yes, best practice is to do all those things you mentioned. Change passwords everywhere, make a list of your own sensitive files that could be of use to someone (pictures, documents, etc.), check when any action was last done to these (copy mostly), and notify anyone you might be sharing any of this information with (files associated with work, connections in social media, etc.).

Last, but not least: make sure you won't fall for it again. You can never be absolutely secure, that's inevitable. But someone somehow managed to access your computer. Define how and make sure it won't happen again - at least not the same way. Store very sensitive files externally (not in the cloud). Also, if you want to have passwords stored locally in browsers, password managers, etc., make sure you take some time to look at extra settings that improve their security. Firefox, for example, has a master password. Do as much as possible so this won't happen again, or if it does, the damage will be less.

Chris Tsiakoulas
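An added example, not part of the original answer: one way to build the list of sensitive files suggested above and see which were read or changed during the suspected compromise window. The name patterns, the window dates and the `inventory` helper are assumptions made for illustration; timestamps are only a hint, so a file that is not flagged should still be treated as exposed.

```python
import fnmatch
import os
import sys
from datetime import datetime, timezone

# Assumed name patterns for "sensitive" files; edit to match your own data.
SENSITIVE_PATTERNS = ["*.pdf", "*.docx", "*.xlsx", "*.kdbx", "*.pem", "*tax*", "id_rsa*"]


def in_window(ts, start, end):
    """True when POSIX timestamp ts falls inside [start, end] (aware datetimes)."""
    return start <= datetime.fromtimestamp(ts, tz=timezone.utc) <= end


def inventory(root, start, end, patterns=SENSITIVE_PATTERNS):
    """List (path, atime, mtime, flagged) for sensitive files under root.

    flagged means the file was read or changed inside the window. An unflagged
    file is NOT proven safe: relatime/noatime mounts skip atime updates and an
    attacker with root can rewrite timestamps.
    """
    rows = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if not any(fnmatch.fnmatch(name.lower(), p) for p in patterns):
                continue
            path = os.path.join(dirpath, name)
            try:
                st = os.stat(path, follow_symlinks=False)  # stat does not touch atime
            except OSError:
                continue  # unreadable or vanished file: skip, keep going
            flagged = in_window(st.st_atime, start, end) or in_window(st.st_mtime, start, end)
            rows.append((path, st.st_atime, st.st_mtime, flagged))
    # Flagged files first, then most recently accessed.
    return sorted(rows, key=lambda r: (not r[3], -r[1]))


if __name__ == "__main__":
    # Constructed example window; replace with your own estimate of the compromise.
    start = datetime(2018, 6, 1, tzinfo=timezone.utc)
    end = datetime(2018, 6, 9, tzinfo=timezone.utc)
    root = sys.argv[1] if len(sys.argv) > 1 else os.path.expanduser("~")
    for path, atime, _mtime, flagged in inventory(root, start, end):
        when = datetime.fromtimestamp(atime, tz=timezone.utc).isoformat()
        print(("REVIEW " if flagged else "listed ") + when + " " + path)
```

Run it against a backup or a read-only mount of the affected disk where possible, since opening files on the live system updates the very access times being inspected.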
1

Adding to Steve's answer:

You may want to consider factory resetting any computers on the same local area network during the time of infection, especially if they were vulnerable to the same method used to hack your computer.

The same goes for storage media which have connected to the infected PC: plugging an infected flash drive into a clean computer could end up with you back in the same mess.

This might include your home router, cellphone, flash drives, CDs, and other computers on your LAN. The best bet is to take them all offline and to reset them one at a time so they can't be reinfected by other parts of your network. Of course, any authentication materials on these devices should also be rotated from a likely safe computer.

returneax