Two coincidental hacks?
July 21, 2020 9:23 PM

I came back to the internet after dinner Tuesday evening to find two seemingly unrelated account oddities/breaches. Not obviously related but it's not like these happen to me a lot, and the closeness in time is puzzling to me.

1) Somebody reset my Grubhub account to their email, ordered KFC for pickup, paid with my saved card. About 5:30pm

2) Someone had sent a sequential series of join requests, supposedly from my gmail address, to a series of mailing lists at Stanford. It appeared to be an alphabetical set, starting and ending in the w's. 10 in total. The emails to confirm (which of course I didn't) all had subject lines like "confirm 305a4a11905d682c60148c23b88a83428480108d". I also have the IP address these supposedly came from (I'm guessing that's spoofed/meaningless though). Around 7pm.

What I have done:
1) Locked my card at the bank online and calling to replace it first thing in the morning. (I was apparently too late tonight for the fraud division.)
Grubhub claims they can't have gotten my full number, but they shouldn't have gotten my damn account, either.

2) Reclaimed my account from Grubhub, changed password, etc. Grubhub deleted the stored card number and details; I cleared the home address which I probably shouldn't have.

3) Reviewed Google log-ins; there were none. I have 2-factor enabled and didn't receive any notifications.

Are these related? What else should I be doing? I have the email the Grubhub account was changed to, the KFC pickup address, and a partial of the address from grubhub. Any legal ramifications I can bring down knowing that info?
posted by stevis23 to Computers & Internet (5 answers total) 2 users marked this as a favorite
 
So it sounds like they logged into your GrubHub account with your password to change the email? The most likely way they did that was by using a password that was leaked in a breach that you re-used. If that's the case, go change that password everyplace you have ever used it, and stop reusing passwords. Get a password manager like LastPass (or Chrome itself) and have them suggest and store unique strong passwords for, at minimum, every place you are going to save your credit card.
posted by agentofselection at 9:34 PM on July 21, 2020 [6 favorites]


You can check Have I Been Pwned to see if your account details are included in any known data breaches. If they are, ensure that you're not using the same password anywhere else. Obviously, it's not comprehensive, because that site only includes leaks that have been made public, but it's worth it to check.
posted by Glier's Goetta at 1:37 AM on July 22, 2020 [3 favorites]


Yes, the flood of email signups may be related. They are to prevent you from noticing the email notification alert from Grubhub that the email address on your account was changed. Distributed spam distraction.
posted by evilmomlady at 4:22 AM on July 22, 2020 [5 favorites]


The flood of email signups is likely a related attempt at distraction, but perhaps reassuringly, it's not a "hack" - it doesn't require access to your email account. To sign up for these sorts of email lists (which generally use Mailman list manager software), you just enter your email address in a web form, and the server automatically generates a confirmation email like the ones you received. That confirmation email doesn't contain any information about the person who made the request. You click the link or respond to confirm the request, and then you're on the list.
posted by cogitron at 5:36 AM on July 22, 2020 [1 favorite]
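
An added example, not part of any poster's answer: a triage script for the distraction pattern described in the two answers above. It detects a burst of Mailman-style "confirm <hex>" mails and surfaces account notices that arrived around it. The sender addresses, the notice wording in `ALERT_RE`, and the thresholds are assumptions, and the inbox is constructed sample data.

```python
import hashlib
import re
from datetime import timedelta
from email import message_from_string
from email.utils import parsedate_to_datetime

# Mailman confirmation subject, in the format quoted in the question: "confirm <40 hex chars>".
CONFIRM_RE = re.compile(r"^confirm [0-9a-f]{40}$", re.I)
# Assumed wording of account-change notices; adjust for the services you use.
ALERT_RE = re.compile(r"e-?mail (address )?(was |has been )?(changed|updated)"
                      r"|password (was |has been )?(reset|changed)"
                      r"|order (confirmed|confirmation|placed)", re.I)

def triage(raw_messages, min_burst=5, burst_window=timedelta(minutes=30),
           lookback=timedelta(hours=3)):
    """Return (burst_found, alerts): account notices that arrived near a confirmation flood."""
    msgs = []
    for raw in raw_messages:
        m = message_from_string(raw)
        msgs.append((parsedate_to_datetime(m["Date"]), m["From"], (m["Subject"] or "").strip()))
    msgs.sort(key=lambda t: t[0])
    confirms = [t for t, _, s in msgs if CONFIRM_RE.match(s)]
    # A flood is min_burst confirmation mails arriving within burst_window of each other.
    start = next((confirms[i] for i in range(len(confirms) - min_burst + 1)
                  if confirms[i + min_burst - 1] - confirms[i] <= burst_window), None)
    if start is None:
        return False, []
    end = confirms[-1]
    # The notice being buried can predate the flood, so search a window on both sides of it.
    alerts = [(t, f, s) for t, f, s in msgs
              if ALERT_RE.search(s) and start - lookback <= t <= end + lookback]
    return True, alerts

def _mail(date, sender, subject):
    return f"Date: {date}\nFrom: {sender}\nSubject: {subject}\n\n(body omitted)\n"

# Constructed sample inbox: one account notice, ten list confirmations, one unrelated mail.
SAMPLE = [_mail("Tue, 21 Jul 2020 17:31:00 -0700", "noreply@food.example",
                "Your email address was changed")]
SAMPLE += [_mail(f"Tue, 21 Jul 2020 19:{i:02d}:00 -0700", f"list{i}-request@lists.example.edu",
                 "confirm " + hashlib.sha1(str(i).encode()).hexdigest()) for i in range(10)]
SAMPLE.append(_mail("Tue, 21 Jul 2020 19:05:30 -0700", "news@shop.example", "Weekly deals"))

if __name__ == "__main__":
    found, alerts = triage(SAMPLE)
    print("confirmation flood:", found)
    for when, sender, subject in alerts:
        print(f"  check this first: {when:%H:%M} {sender} | {subject}")
```
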


My father's email had something similar... he got signed up for a ton of stuff, got some shipping confirmation stuff (with his home address and landline correct) but says that his cards are safe. I told him to check every day just to be sure. That was Monday I believe.

I got some notification from Chrome about passwords, and went to the password manager and grubhub, starbucks, paypal, dropbox, some job application platform like salesforce, and a few others were listed as compromised. This was Tuesday. About a year or two ago I started letting Chrome suggest good passwords, but there are a few that never got changed. And I'm pretty sure that 2010 me used the same password for at least a few of these sites. One good thing about it is that credit cards expire, so even hacking an old grubhub account got them nothing, even if they tried.

So yeah, superstrong random passwords for every site. And it wasn't just you.
posted by Snowishberlin at 11:35 AM on July 22, 2020

