Question about been hacked

[Victoriajolie]

So I got my “free out of jail card “ phew not anymore on the penalty box �� .
For those that may start rumors lol because we know it never happen here lol
I served my banned time thanks Mods for letting me back.

So last week end I got hacked first on tryst (kept saying wrong password & I wouldn’t receive the password recovery email) then I notice on my profile they changed my phone and add a deposit of 25% which I never asked. Then twitter log out(still working getting on but I create an other handle meanwhile VictoriaJMtL) and when I tried password recovery the email partially displayed wasn’t mine .Then an other advertising site same phone number changed on my profile as well as my bio..Following by an other
I’m puzzle how it got compromised as I don’t recall clicking on the scam messages
My passwords are different
If anyone have extra tips of security to avoid it it would be great as my website got hacked 5 years ago and I was blackmailed to have everything erased on my hosting company server
Thanks VJ

[SlowHand50]

Don't use easy-to-guess passwords (like 1234 or password).
Don't use the same bad password for all your sites.
In every password you use, include caps and lowercase, numbers and some non-letter characters in it, like $ or & or @. The longer the password is in terms of number of characters, the better.

[Ohitsthatguy]

A password manager is good tool. I recommend LastPass.

[aloysius.x]

Tryst has multi factor authentication (MFA)

1. Download Microsoft Authenticator to your work phone.
2. In your Tryst dashboard, click on the "Enable MFA now"
3. Click on the "Setup time based token authentication"
4. Scan the QR code with the Microsoft Authenticator.
5. Enter the token number from the Authenticator. (Wait for the latest time to start over with new number so you have plenty of time)
6. Enter your current password.
7. Click confirm setup.

Now when you log in, you will need your phone and password. So for someone to hack you again, they'll need your password and phone.

Just remember, i before you change phones, you'll want to disable multi factor authentication then resetup MFA with your new phone.

[aloysius.x]

Quote:

Originally Posted by Ohitsthatguy

A password manager is good tool. I recommend LastPass.

I use Keepass myself but any is better than none.

[aloysius.x]

Quote:

Originally Posted by SlowHand50

Don't use easy-to-guess passwords (like 1234 or password).
Don't use the same bad password for all your sites.
In every password you use, include caps and lowercase, numbers and some non-letter characters in it, like $ or & or @. The longer the password is in terms of number of characters, the better.

Phrases are easier to remember then cram a digit and special char in there like "untilthenexttime007!" 20 chars it will take all the computers in the world 1000 years to crack using brute force.

[Victoriajolie]

Thank you so much all much appreciated. That particular day I had 2 warnings someone was trying to get to my Gmail.
Sad part I have so many passwords lol I'm not good to remember lol. Yes, I could remember you the shirt you wear, the discussions we had if we had one, but suck at number & passwords. I currently have two personal emails that since I left my iPad at TSA & they didn't find it I no longer get access

My biggest fear is that scammers will scam guys and i will lose my credibility & reputation as it's my pics and reviews that appear but different contact info and deposit. It would stain my reputation.
I'll try what it's been said
Thanks
VJ

[Gostik]

I use 1Password for all passwords that are randomly generated and Authy for two factor authentication on all important accounts. If you don't want to go that far (and you should to be anywhere near safe, although safe isn't truly possible), here's a simple way to be a little safer that everyone should learn to prevent password reuse (technically):

Have a base password that include an uppercase letter and number, let's us Appl3 (three instead of e). Then add the first few letters of a given website to the end, so for ECCIE it would become App13ecc (I do all lowercase for websites). This simple step makes sure your passwords are almost all different. If it requires a symbol have a symbol you always tack on the end such as !.

Hackers don't guess your password, and most don't get it from tricking people. They get it by finding or buying passwords from server hacks. If you use Apple123 as your password everywhere, and they hack applesucks.com and your account there has that password, they just guess you reuse that password at Paypal, eBay, Tryst... everywhere. By just tacking on a few letters based on where the account is, you're ensuring that you aren't reusing the exact same password everywhere and minimizing your risk.

[Laurenspencer]

Quote:

Originally Posted by Victoriajolie

So I got my “free out of jail card “ phew not anymore on the penalty box �� .
For those that may start rumors lol because we know it never happen here lol
I served my banned time thanks Mods for letting me back.

So last week end I got hacked first on tryst (kept saying wrong password & I wouldn’t receive the password recovery email) then I notice on my profile they changed my phone and add a deposit of 25% which I never asked. Then twitter log out(still working getting on but I create an other handle meanwhile VictoriaJMtL) and when I tried password recovery the email partially displayed wasn’t mine .Then an other advertising site same phone number changed on my profile as well as my bio..Following by an other
I’m puzzle how it got compromised as I don’t recall clicking on the scam messages
My passwords are different
If anyone have extra tips of security to avoid it it would be great as my website got hacked 5 years ago and I was blackmailed to have everything erased on my hosting company server
Thanks VJ

Welcome back VJ ! It's always a pleasure to see your presence on the board , you bring light and positivity . I have heard of other providers having this issue as well . Your friend Exchequer is very good with computers and Im sure he can help you get this all worked out and get your accounts locked up like Fort Knox so this does not happen again . So sorry this happened to you

Ex where are you ??? Provider needs help alert

[SlowHand50]

Quote:

Originally Posted by aloysius.x

Phrases are easier to remember then cram a digit and special char in there like "untilthenexttime007!" 20 chars it will take all the computers in the world 1000 years to crack using brute force.

True, but it's fairly easy to work a digit or special character in there in place of a letter it resembles, like a 3 instead of an e or a 1 instead of an l, $ instead of an s, etc.

Go with whatever works for you. Just avoid anything close to the stupid-simple passwords that show up in all of those lists when you Google "easily guess passwords."

[CatMan4u]

Sorry you got hacked
Is there not enough business to go around
Not every client/ provider is your cup of tea
That doesn't mean anything bad for either side of the coin just saying that we all have different tastes