How I got Hacked on everything and why you should never use google password manager
Summary
TLDRIn this video, the creator shares a cautionary tale of being hacked despite taking extensive security precautions, including two-factor authentication and a password manager. After falling for a seemingly legitimate email from Adobe, they unknowingly downloaded malware, leading to a hijacked account. The hackers bypassed two-factor authentication using stolen cookies, resulting in fraudulent purchases and account misuse. The creator warns against using Google’s password manager due to its vulnerabilities and advises using open-source alternatives like Bitwarden for better security. This experience highlights the growing sophistication of online threats and the importance of remaining vigilant.
Takeaways
- 😀 Be cautious about saving passwords in Google Password Manager as it is vulnerable to hacking.
- 😀 Even with two-factor authentication (2FA) and strong precautions, hackers can bypass security systems using advanced methods like token hijacking.
- 😀 Avoid clicking on suspicious links, especially from unknown senders, even if they appear to come from reputable companies.
- 😀 Always verify the legitimacy of emails or offers before engaging, especially when they offer money or services that seem too good to be true.
- 😀 Use third-party, open-source password managers like Bitwarden or Passkey instead of relying on browser-based password managers.
- 😀 Malicious software can install itself undetected, especially as browser extensions, which can bypass antivirus software and affect system security.
- 😀 Hackers can impersonate others through AI-generated voices and deepfake technology, making online scams even harder to detect.
- 😀 Scammers can exploit authentication tokens and cookies to gain access to accounts even after you’ve authenticated yourself through 2FA.
- 😀 Dynamic IP addresses and VPN usage can make it difficult to track suspicious online activity, allowing hackers to bypass location-based checks.
- 😀 Be cautious with online interactions, especially when dealing with financial transactions or sensitive personal information, as hackers may try to deceive you into making payments or purchases.
- 😀 The ever-evolving sophistication of online scams and hacking techniques means that even the most cautious individuals can fall victim to cyberattacks.
Q & A
What is the main lesson the speaker wants the audience to take away from the video?
-The speaker emphasizes the importance of not using Google Password Manager to store passwords and passkeys, as it is highly vulnerable. They suggest using third-party, open-source password managers like Bitwarden or Passkey for better security.
How did the speaker first become aware of the hack?
-The speaker initially discovered the hack after receiving a suspicious email from someone claiming to be from Adobe, which contained a link to a PDF with malware. Although the speaker didn’t realize it at the time, this was the start of the hack.
What security measures did the speaker have in place before the hack occurred?
-The speaker had two-factor authentication enabled on all accounts, used strong, random passwords, and avoided saving passwords in browsers. They also used antivirus software, firewalls, and Spybot to protect their system.
Why did the speaker trust the Adobe email despite its suspicious nature?
-The speaker researched the email address and verified that it belonged to someone in Adobe Marketing. They also emailed Adobe directly, and a representative confirmed that the person in question worked for Adobe, making the situation seem plausible.
What method did the hackers use to bypass two-factor authentication?
-The hackers used a technique where they hijacked authentication tokens or cookies in Google Chrome. This allowed them to bypass the two-step authentication process because the speaker had already authenticated the session on their device.
How did the hack impact the speaker's online activities?
-The hack led to unauthorized actions like buying random items on Amazon and eBay, hacking Discord to pump Bitcoin, and attempting to use the speaker's Venmo account for fraudulent transactions. Additionally, the speaker received spam calls related to fake DMV tickets.
What role did the Google Chrome extension play in the hack?
-The malware installed itself as a Google Chrome extension, and once activated, it deleted itself. This method was effective in evading detection by traditional antivirus and malware scans.
What did the speaker learn about the vulnerability of Google Password Manager?
-The speaker learned that Google Password Manager, as part of Chrome and other Chromium-based browsers, is highly vulnerable. The password manager can be bypassed by hackers using advanced techniques, making it unsafe for storing sensitive information.
What did the speaker do after discovering the hack?
-After discovering the hack, the speaker changed all their passwords, wiped their computer, and reinstalled everything from scratch. They also switched to a more secure password manager and emphasized the importance of security awareness.
What advice does the speaker give regarding online security?
-The speaker advises being cautious about where and how personal information is shared online. They highlight the importance of using secure, third-party password managers and the need for vigilance in verifying suspicious emails and links.
Outlines
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowMindmap
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowKeywords
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowHighlights
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowTranscripts
This section is available to paid users only. Please upgrade to access this part.
Upgrade NowBrowse More Related Video
36. Literasi Digital - Pengelolaan Kata Sandi dengan Manajer Kata Sandi - Informatika Kelas X
Graphical Password Authentication
CARA MENGAMANKAN AKUN MOBILE LEGENDS HASIL BELI BIAR TIDAK DI HACK BACK BALIK
Your Passwords Are in Danger: Why You Need a Password Manager Now!
10 Privacy Tools I Can’t Live Without
2021 OWASP Top Ten: Identification and Authentication Failures
5.0 / 5 (0 votes)
