Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

Someone tried to access my Twitter account - need to be worry about Other Hacks?


  • Please log in to reply
11 replies to this topic

#1 PhilLatterly

PhilLatterly

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 20 April 2017 - 09:04 AM

I got an email saying that someone in a different geographical location tried to access my Twitter account. I clicked on the link to reset the password and did so.

 

The email was from verify@twitter.com so I think it was legit.

 

However, do I need to worry about my internet history and other sites I use being hacked, like banking, shopping, etc? 

 

I suppose what I am asking is, is there a way of telling whether this is an isolated attempt at Twitter, or has my whole system been hacked?

 

I use and run periodically SuperAntiSpyware and Malwarebytes, maybe once every month or two.

 

I have SpybotSearchAndDestroy, AVG antivirus and ZoneAlarm as general protection.

 

I am going spare with worry.

 

Doesn't help with the worry that the system seems to be 'sticking' when I click on things, which may be because of a huge Windows update overnight.

 

Has my whole system been hacked? What can I do?


Edited by hamluis, 21 April 2017 - 04:49 PM.
Moved from AII to Gen Sec - Hamluis.


BC AdBot (Login to Remove)

 


#2 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:09 PM

Posted 20 April 2017 - 01:57 PM

Does your new, reset password work for you on Twitter?

Have you seen any pop-ups recently that say "Call Microsoft Support Your System Is Hacked!"?

Did you download any programs recently?


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#3 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 20 April 2017 - 03:24 PM

Hi iMacg3, thanks for taking the time to reply. 

 

Yes, the password reset worked

I have seen no such popups now or at any time

I don't think that I have downloaded anything new, certainly not deliberately

 

Did all scans with ativirus, superantispyware, Malwarebytes and Malwarebytes Rootkit. All that was found was some adware by superantispyware.

 

One thing that worries me is this:  if you -

 

Click on your avatar

Select Settings & Privacy

On the left hand menu select Your Twitter Data

Enter password if prompted

 

There are a whole load of IP addresses that have accessed my account.  Some appear more than once, others don't. Again, is that indicating anything nefearious/untoward?



#4 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:09 PM

Posted 20 April 2017 - 05:27 PM

Do the IP addresses have any geographic locations near them? (I don't have a Twitter account, so I don't know much about how it works.)

Change your password again immediately and see if the IP addresses keep coming back.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#5 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 21 April 2017 - 04:47 AM

The location shows as Great Britain for all of them. A friend of mine in France did the same and she gets a lot of different IP addresses all beginning with the same two digits but different endings.

 

There are a lot of the IP addresses which have accessed my account which also begin with the same 4 digits. But there are many which don't.

These are all IPv4 addresses if that makes any difference.

My login data may be confused by the fact that I use an app called TwitLonger which enables you to write at length. You have to allow access to your account to use it. Some of the ISPs are registered to them. 

 

Some of the accessing of my account is at times when I wouldn't be using it like the early hours and very early in the morning.

 

But I am searching the IP addresses accessing on an IP lookup site. Some of these IPs are registered to Tiscali which owns my ISP, TalkTalk.

 

The information I can provide if needs be, to help you decipher what is going on (from the IP lookup site) includes:

 

IP address

HostName

ASN

ISP

Connection Type

County/Location

 

Some of the accessing is at IP addresses registered to Tiscali which owns TalkTalk, my ISP, as DSL, which is what I use (I think) But these accesses are at times when I just would not be online, as mentioned above.

 

Is my ISP accessing my account?

 

What, from the above informaton which is available from the IP  lookup site would help you decide whether I have been hacked?



#6 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 21 April 2017 - 04:55 AM

All of the Tiscali/TalkTalk IPs are located as London, which my own current IP address is so not concerned about that.

 

There is one of the IP addresses which is from an ISP here in the UK called Virgin. Not my ISP. BUT the IP locators put it as very close to me in location. SAs in a part of town about 1 mile away. One other IP address lookup has that IP address as being in my town.

 

It begins 77 and none of the others do. 

 

Could the IP lookups be mistaken and it was actually TalkTalk?


Edited by PhilLatterly, 21 April 2017 - 04:56 AM.


#7 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:09 PM

Posted 21 April 2017 - 10:45 AM

Your ISP shouldn't be accessing your account. Change your password as I said in the previous post and see if the IPs keep coming back again. 


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#8 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 21 April 2017 - 12:18 PM

Thanks! I have just also found a potentially-unwanted modification and I am going to start a separate topic on that. I hope you folks don't think I am taking-over the board. 

 

A different IP address checker:

 

http://www.ip2location.com/demo

 

has all of the IP addresses that have accessed my Twitter as being with my ISP or various guises of it like it's predecessor company name, holding companies, subsidiaries of it.

 

The locations shown for these IPs are places in my town or not far away. In fact, the current ISP shows a location that is not my EXACT one but a different part of my city.

 

This IP checker also identified one IP address as belonging to Virgin Media but also at a place in my town that is just a mile or so away.

 

Could all these IP checkers be wrong and the Virgin IP address just be mine?

 

Also the apps I use which access the account are TwitLonger, TweetDelete and (occasionally) unfavinator. 


Edited by PhilLatterly, 21 April 2017 - 01:58 PM.


#9 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:09 PM

Posted 21 April 2017 - 02:02 PM

These IP address lookups are accurate most of the time. Sometimes, however, there are errors. I can't be sure about who is accessing your account with Virgin Media. I suggest you post in the "Web Browsing, Email, and other Applications" section of this forum. Someone who knows more about Twitter than me can probably help you. I think that changing your password will help a lot, as an attacker can't get past a new password.


Regards, iMacg3

"Do, or do not. There is no try." - Yoda

#10 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 21 April 2017 - 02:17 PM

Thanks, I have changed it. Thanks for your help.



#11 PhilLatterly

PhilLatterly
  • Topic Starter

  • Members
  • 85 posts
  • OFFLINE
  •  
  • Local time:08:09 PM

Posted 01 May 2017 - 04:28 AM

Can anyone help me with this?

 

I think the link I clicked on that was from 'verify@Twitter.com' was fake. I have closed the account but am very worried about what they could have installed when I clicked on the link in the email which sent me to the (legit) Twitter log-in page. 



#12 iMacg3

iMacg3

    Bleepin' 68000


  • Malware Study Hall Senior
  • 1,032 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Indiana, USA
  • Local time:03:09 PM

Posted 01 May 2017 - 12:11 PM

Please copy the link by right-clicking the link and selecting Copy Link Address, then paste it in a notepad document. Check what letters are before the slash icon (/) and paste them into a post.


Edited by iMacg3, 01 May 2017 - 12:19 PM.

Regards, iMacg3

"Do, or do not. There is no try." - Yoda




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users