My baby cousin called me in tears because all her accounts have been compromised.
-
My baby cousin called me in tears because all her accounts have been compromised. We went over possible infection vectors (the “try my game” DM scam etc) and nothing stood out. But then she wondered if they’d gotten a foothold through the Canvas ransom somehow.
Has anyone else heard of students getting their personal accounts popped very recently in a way that might be tied to the Canvas incident?
-
My baby cousin called me in tears because all her accounts have been compromised. We went over possible infection vectors (the “try my game” DM scam etc) and nothing stood out. But then she wondered if they’d gotten a foothold through the Canvas ransom somehow.
Has anyone else heard of students getting their personal accounts popped very recently in a way that might be tied to the Canvas incident?
@0xabad1dea I'm guessing that she used a common password for the impacted stuff?
-
My baby cousin called me in tears because all her accounts have been compromised. We went over possible infection vectors (the “try my game” DM scam etc) and nothing stood out. But then she wondered if they’d gotten a foothold through the Canvas ransom somehow.
Has anyone else heard of students getting their personal accounts popped very recently in a way that might be tied to the Canvas incident?
@0xabad1dea Not specifically. Did she use the same password for Canvas and these other services? Or Canvas and the email associated with those services?
-
@0xabad1dea I'm guessing that she used a common password for the impacted stuff?
@rootwyrm she insists no. which implies malware got directly onto her desktop, but it's not clear how. (I cannot check her computer at this time.)
-
My baby cousin called me in tears because all her accounts have been compromised. We went over possible infection vectors (the “try my game” DM scam etc) and nothing stood out. But then she wondered if they’d gotten a foothold through the Canvas ransom somehow.
Has anyone else heard of students getting their personal accounts popped very recently in a way that might be tied to the Canvas incident?
@0xabad1dea browser extension?
-
@rootwyrm she insists no. which implies malware got directly onto her desktop, but it's not clear how. (I cannot check her computer at this time.)
@0xabad1dea okay, that definitely adds a wrinkle. I'm not familiar with Instructure's crap, but I believe Canvas is web based. I wonder if it was malicious JS with a token stealer.
-
My baby cousin called me in tears because all her accounts have been compromised. We went over possible infection vectors (the “try my game” DM scam etc) and nothing stood out. But then she wondered if they’d gotten a foothold through the Canvas ransom somehow.
Has anyone else heard of students getting their personal accounts popped very recently in a way that might be tied to the Canvas incident?
@0xabad1dea I have heard that some students received phishing emails in relation to the Canvas hack. I don’t know if it was just opportunistic or directly related to the Canvas hack.
-
My baby cousin called me in tears because all her accounts have been compromised. We went over possible infection vectors (the “try my game” DM scam etc) and nothing stood out. But then she wondered if they’d gotten a foothold through the Canvas ransom somehow.
Has anyone else heard of students getting their personal accounts popped very recently in a way that might be tied to the Canvas incident?
@0xabad1dea first, is there a chance cousin was scammed by a faked ‘you’ve been compromised’ message?
Worst tangles I’ve seen folks get into (in the last year or two) have been losing their social media account(s). Worse, the fraudsters parlay lockouts done by platforms into really scaring folks.
-
@0xabad1dea first, is there a chance cousin was scammed by a faked ‘you’ve been compromised’ message?
Worst tangles I’ve seen folks get into (in the last year or two) have been losing their social media account(s). Worse, the fraudsters parlay lockouts done by platforms into really scaring folks.
@InkomTech it's definitely not a fake scare, because this all began when *we* called *her* because "she" was DM'ing us on Discord about exciting investment opportunities. She called us back in tears when it was clear it wasn't just her discord, but everything.
-
R relay@relay.infosec.exchange shared this topic
