momopi
Well-known member
Recently someone tried to hack into my coinbase account. The individual gained access to the associated email account and setup a filter to automatically send e-mail from coinbase.com to a folder, then tried to access the coinbase account. Coinbase detected the attempt and put my account on lockdown.
The reason why the hacker put in the email filter rule is so that I wouldn't see e-mails from coinbase in inbox or spam box. So I didn't receive the login notifications, and when I tried to reset the account password the verification e-mail is also not found in inbox or spam box. If you search for @coinbase.com the password reset verification email actually does NOT show up, you have to search by the e-mail title to find which folder it was bumped into. I guess this gave the hacker extra time to gain access or something.
In retrospect, I think using one of the many popular free email services with insufficiently-long password was probably asking for trouble. Also, upon reviewing all the folders and outbox of the e-mail account, I found numerous financial record related emails including past mortgage loan applications, e-mails with my old accountant, living trust lawyer, brokerages, etc. If the hacker had downloaded everything they could go through these emails and find more personal information to play with.
To remedy the situation I did the following:
* Go through all my existing personal e-mail account and purge all e-mails containing financial information, including the outbox.
* Setup multiple new e-mail accounts with another provider & 2FA, reset all e-mail account passwords & use new passwords with at least 15+ characters in length
* Change the login ID, password, and e-mail on all financial accounts. Use different e-mail accounts for different accounts or categories.
I'm also looking into getting a second cell phone for account recovery and security. For this purpose I need:
* A service provider different from my primary cell phone provider
* Maybe (?) not an apple phone that ties into my primary phone's apple account
* Not a google voice / soft-phone
* Not a prepaid phone that expires
I found a couple cheap providers at $5-6/month, including "Hello Mobile", "Tello", "Red Pocket", "US Mobile", etc. Does anyone have experience with these?
View attachment password_time.jpg
The reason why the hacker put in the email filter rule is so that I wouldn't see e-mails from coinbase in inbox or spam box. So I didn't receive the login notifications, and when I tried to reset the account password the verification e-mail is also not found in inbox or spam box. If you search for @coinbase.com the password reset verification email actually does NOT show up, you have to search by the e-mail title to find which folder it was bumped into. I guess this gave the hacker extra time to gain access or something.
In retrospect, I think using one of the many popular free email services with insufficiently-long password was probably asking for trouble. Also, upon reviewing all the folders and outbox of the e-mail account, I found numerous financial record related emails including past mortgage loan applications, e-mails with my old accountant, living trust lawyer, brokerages, etc. If the hacker had downloaded everything they could go through these emails and find more personal information to play with.
To remedy the situation I did the following:
* Go through all my existing personal e-mail account and purge all e-mails containing financial information, including the outbox.
* Setup multiple new e-mail accounts with another provider & 2FA, reset all e-mail account passwords & use new passwords with at least 15+ characters in length
* Change the login ID, password, and e-mail on all financial accounts. Use different e-mail accounts for different accounts or categories.
I'm also looking into getting a second cell phone for account recovery and security. For this purpose I need:
* A service provider different from my primary cell phone provider
* Maybe (?) not an apple phone that ties into my primary phone's apple account
* Not a google voice / soft-phone
* Not a prepaid phone that expires
I found a couple cheap providers at $5-6/month, including "Hello Mobile", "Tello", "Red Pocket", "US Mobile", etc. Does anyone have experience with these?
View attachment password_time.jpg