Encrypt all the things!

  • ^ this is a good suggestion.

  • just be wary discord has its own scam risks, i believe it's quite common for people to try and steal gaming accounts through a mix of social engineering and phishing attacks.

  • Hey all, thanks for all the input, really helpful. I'm trying to find that balance between caution and killjoy! Yes, I've dabbled with some NFT stuff via discord, the scamming and social engineering going on in that field is rife. My thinking was Discord would be slightly more private as you're not giving out your phone number? There's something I don't like about the idea of your number being out floating around somewhere, but then I also feel I may be overthinking and being overly cautious/paranoid.

  • you could maybe look at hooking whatsapp up to a voip virtual number so it's not connected to their actual number and just functions as a glorified old school messenger app.

  • Yeah, something like the above, and then having access to it yourself via Whatsapp Web so you can periodically keep an eye on things.

  • Not sure if this is the right place, but layman's terms advice appreciated, I'm no techie.

    Work was hit by a cyber attack over the weekend and comms have been lacking any real detail. Various systems affected, but email still working and we've not been informed of anything we shouldn't try to access. My work laptop has had new antivirus added to it, but shows no obvious changed behaviour apart from being slow.

    Worked from home today using my home WiFi, which is a virgin home hub in modem mode linked to a rax 40 router which is now a few years old.

    After a few hours work this morning using the company surface I lost internet which I thought was just a short supplier outage, but after a few checks it seems my router just won't play ball at all. The weirdest bit being that the WiFi networks for each band had changed name. From netgear72 to netgear53, so nothing in the house would connect up. I tried everything from power cycles to full factory reset, but I just couldn't access the router via the app again.

    Ultimately I've removed the router and returned the virgin hub to router mode and then gone through hours of reconnecting everything in the house.

    Any chance of a link with the work attack here? Or is it just coincidence?

  • Possible link.

    But netgear routers are pretty famous for being compromised because they're not great about being security paranoid and they don't aggressively provide updates (including to models long out of warranty).

    There's a general "is my router hacked" article: https://www.highspeedinternet.com/resources/how-to-fix-a-hacked-router

    But if you even doubt it, you need to factory reset and reflash things, and then rebuild up the configuration from scratch (do not use a backup config).

    Ultimately whether it's related to work is speculative and not constructive, it could be, it might not be, but if you think it's compromised you need to be cleaning it.

    This is where things get scary though, if your assumption is that anything on your local LAN was safe and nothing was password protected with non-default passwords - how can you now trust all the things on your network?

  • Thanks for taking the time to reply. Consider me now scared, but too incompetent to do much about it! I will now just assume my tele, speakers, clock, phones and tablets have me under constant surveillance.

    My WiFi performance actually seems better coming from the virgin hub 5 than the fancy Netgear router, so it won't be used again.

  • I pay a couple of dollars to Google each month for storage. They just announced that my "Google One membership" now includes VPN. Not sure how new this is - but it's only just being rolled out here in Australia.

    They make sure to say that they don't collect any usage metrics for marketing reasons, but you make up your own mind how much you trust that.

    Just thought it was interesting.

  • This is going around https://sackheads.social/@Cloudguy/110256209708866473

    For those who trust me:

    Go to your Amazon account, sign out of all your devices, everything, everywhere all your Echos (yes I know it's a pain), reset your password, delete 2FA and any tokens and reset them. Now.

    That doesn't include Fido / Yubikeys but does include Auth tokens.

    Do it now.

    As much a pain as it is to reset Echo and all smart devices, trust me, please do it.

    I can't tell you more yet, but I am being ethical and you need to actually realise I have a clue.

    It's been a scary day

    I'm not fully buying it, because Amazon accounts and AWS accounts are intrinsically linked and the alarms would've rung a lot louder than a post on Mastodon.

    But it's not harmful to update passwords and rotate 2FA credentials... so probably worth doing if you own AWS things.

  • Amazon accounts and AWS accounts are intrinsically linked

    Amazon just unlinked them, at least they forced a password reset because they're not the same accounts now. There was an email.

  • Greetings from Amazon Web Services,

    In the past, you have used the same email address and password to sign in to Amazon.com and AWS. In response to customer feedback, AWS is updating your account to make your access to Amazon.com and AWS independent. You can continue using this email address and your current password to sign in to Amazon.com. However, the next time that you sign in to AWS, you will be prompted to create a new password and will have the option to register a new multi-factor authentication (MFA) device. MFA is a best practice that adds an extra layer of protection on top of your email and password.

    AWS will never email you and ask you to disclose your password. You will see the prompts to create a new password and register a new MFA device only when you visit the AWS Console at https://console.aws.amazon.com which will direct you to our secure sign-in experience hosted on the signin.aws subdomain.

    This update to your AWS account also gives you the option to secure your AWS sign-in with additional MFA device types such as hardware security keys [1]. In addition, this update can help you monitor root user activity with AWS CloudTrail at no additional cost [2].

    [1] To learn more about the types of MFA supported on AWS, visit our AWS IAM MFA User Guide: https://docs.aws.amazon.com/IAM/latest/UserGuide/id_credentials_mfa.html
    [2] To learn more about monitoring sign-in events to the Console, visit our AWS CloudTrail User Guide: https://docs.aws.amazon.com/awscloudtrail/latest/userguide/cloudtrail-event-reference-aws-console-sign-in-events.html

  • Is it a good time to short Amazon stock as well?

  • When was that? Do you have a date?

    Edit: Late 2022

  • I only reset mine in April because I only received the email on March 12th this year. I don't use my personal AWS account much so there didn't seem to be a rush.

  • Is bitwarden still the go-to for password managers? Mine is upping their prices and forcing a migration so if I have to migrate, maybe now is the time to move to something else.

    Does the Personal version allow sharing of passwords with others? i.e. I share some logins to stuff with my partner.

  • Thanks, I'll be back here in 18 months when I actually get around to this :D

  • Yes and can share logins with personal version.

  • Protonmail are offering a free VPN. Any thoughts on protonmail / protonmail VPN?

  • Did anything seem to come of this? There was a whole bunch of stuff on his mastodon for a day or so, but it's all been deleted now (/the links go to a 404) including the original post.

  • Not that I know of.

    Still no harm in changing passwords occasionally.

  • Absolutely, that was partly why I was happy to pass it along. Just curious is all 🤷🏻‍♂️

Posted by Velocio (@Velocio)
