Okay so I'm double sure that the AWS incident resulted a massive data breach, as Google are adamant these are not due to them. I've had zero issues for over 20 years with my email account, and now all of a sudden I compromised to a degree that beggars belief right as the entire Web went down for a day.
I'm now having to update 241 passwords across all sorts of websites, from AA.com to xero. This is a fucking nightmare scenario but I have no choice save spending probably the next several hours or days cleaning the shit off my online self.
I recommend y'all start checking your stuff too. So far my hackers have only managed to change my LinkedIn email to some Indian one, and used discord to spam my mates about a crypto scam, so the impact is annoying but recoverable. Thankfully my bank stuff is all passkey biometrics + that password was never saved online so I'm not yet financially fucked, but that's only a matter of time if I don't fix this.
Wish me luck & prayers frens, gonna need it.
Prayers fren! 🙏🤍
Number of my apps running on AWS: ZERO. Beauty of building everything by scratch.
I used to use AWS all the time to run everything, but started moving more and more stuff locally and finally I stopped using AWS many years ago. Crazily after a year after I shutdown everything on AWS I started getting bills. Had a long fight with some Amazon call center to get rid of the bill and it was kinda fine but again 6 months later I got another bill. Thats when I went and deleted my account.
I vaguely remember a few days ago seeing something for that account - hopefully the hackers have not reactivated my account, kek.
Talking about Xero - I remember all the hype at the time when it came out, and my accountant moved to Xero and was suggesting I should use it too. Instead I sat down and coded a accounting app using PHP and its ugly as shit but its been working for me for the last 15 years or so.
Funny thing, I decided to use AI to rebuild it. I got a clean ledger balancing app done in like 2 hours. Still needs final touches, like importing my bank statements etc, but thats for another weekend.
I HAVE NOT TOUCHED AWS DUE TO THE NONSENSE THAT IS PLAYING OUT IN-FRONT OF US!!!!! I DO NOT TRUST AWS FOR ANYTHING!!!!!
I am in the process of standing up a stand-alone server with database and web APP...!!!!!
Prayers up!
Consider installing Bitwarden. It has phone apps, browser extensions and standalone apps. It's free (though I do donate annually). It keeps your password vault synced between all devices.
Bitwarden can generate long random passwords that are difficult to brute force and each one being different, can't be used to access other sites if a password was reused multiple times and there was a breach.
To log in, bitwarden provides auto-fill of username and password. It also manages 2 factor authentication so you can just paste the 6 digit code. Lots of nice features and peace of mind that your passwords and any other important notes, payment cards etc are stored encrypted with a master password.
If Bitwarden service were to shut down in the future, you still have all your passwords and they can be exported in various formats.
This sounds like an advert, but seeing what you're going through, I thought I should at least make the suggestion. There are many other password vault apps that are also great.. 1Password comes to mind. I haven't tried it, because I've been using Bitwarden for years now.
Same thing happened to me through a Discord webhook. I don't use that Chinese communication app anymore.
Good luck scrubbing, sorry this happened to you
2fa?
Most people use 2fa with thier mobile SMS, but it has become so useless once hackers started hacking into phone numbers using e-Sims. Nowadays its probably a good idea to go with one of those ever changing PINs.
damn, yeah thats rough im a 2fa app and passkey kind of person
Adding it to everything now, the only things not affected were 2fa'd. Thank god I had my main email setup for 2fa or I'd be proper fucked.
Prayers are with you and get a GOOD VPN...that way they have to go through 2 walls of protection!!!!
Good Luck and don't forget to check ALL OF YOUR BROWSERS AND ANY PASSWORDS THAT WERE/COULD HAVE BEEN SAVED ON ANY WEB-SITES!!!!!
Good Luck!!!!
Thanks fren, it's taking a while but it's getting there