Got hacked last night - does anyone have any extra advice?

[amigababy]

So we were out but when we came home, dd said there were 2 unusual fb posts from me, I looked on my phone, and there they were - but I'd not put them there. I changed the pw straightaway.

Then I checked our email account, and that's when I freaked as I'd apparently sent an email to someone (that I don't know - in Switzerland) and a draft of it was still also sat in the drafts account. Cue more pw changes on the email account. I checked the activity log and nothing was listed for the times when the email was sent.

But then just as I was re-setting passwords, we got told that there was unauthorised log in from Poland (so, about 2 hours after the offending email)

Is there any more that I can do beyond changing the passwords? I internet shop a lot and there are a lot of order confirmations on my email, which now worries me in case someone can log into somewhere I've shopped and place spurious orders or generally wreak havoc.

(sorry, just a bit anxious about it all)

This happened to me. You MUST change your backup email address. When I got hacked I immediately changed my pw but the bastard had changed the email address to his own, so my new password went straight to him and he changed it again.

Also, like a fool, I used the same pw for my paypal and Hotmail as well as fb, so not only was this person sending obscene messages from my fb, he was doing so from my Hotmail AND tried to take money from my paypal account.

Is it a BT.yahoo email account? There are massive problems with hacking if you google.

Use different passwords for different things. So for stuff like PayPal or amazon where they save bank details my password isn't the same as for say, hotmail or yahoo.

It's a yahoo email. I changed Amazon as I'm there a lot.

Don't know about Yahoo but with GMail, there's an activity report which shows IP addresses which have used the account recently, so probably worth checking if there's any record you can access, and/or ask Yahoo (if there's a date + time + IP address then a responsible ISP, wherever they are, could tell their customer off - of course, with Wi-Fi and so on, it's not possible for the ISP to guarantee the person who is their customer was actually the perpetrator, but it alerts them to the fact the ISP is going to take interest if there are further reports against them)...

Also, if they have an unsecured Wi-Fi router, will hopefully get them to protect against it happening again in future... I think in Germany it is an offence to have a router without password access, which is a bit OTT, but probably cuts down on random attacks.

OP - "I checked the activity log" - on what service, or device ?

As for the login on different shopping sites, change those passwords, if you wish. Most only send to cardholder address, but worth checking details to see if there are any changes to the address on file with them.

I use a (free) service called 'spamgourmet.com' with most online sites. It means I can have a unique mail address for each web site, so it protects against some types of spam (if a shop's mail list is stolen, or they sell customer details on, or get taken over by a new firm which doesn't adhere to any anti-marketing policy that was in place when you signed up first) and means that they don't automatically know what mail service you use, nor your 'real' mail address.

it was the yahoo email account activity log, it only showed UK log ins (us) all day till 9pm European time which was the Polish attempted log in. It's just that the random sent email was created 2 hours earlier.

Do you have bluetooth enabled on your phone ? Is your phone Android or Apple ? Just curious in case there's a virus on it.

no Bluetooth enabled, and its an old orange android smartphone. I just downloaded avast and did a scan.

Oh, OK, something like the San Francisco ? I just wondered if there's any way the password had been stolen from somewhere in the phone (as there have been issues where Bluetooth has been used to break into a phone and grab info). Just trying to figure out what means was used if Yahoo doesn't show any activity before the attempt from Poland after you were aware of something wrong...

Got hacked on Wednesday.Btyahoo mail. They got into my credit card account, viewed my pin no and applied for another card! Was in France at the time...got txt message from barclaycard, rang the number given, got cut off, twice, (after 2 x 30 minute calls) Indian call centre whose staff did not understand what I was saying. Not Happy With Barclaycard.

Don't have a clue how it happened, but McAfee security thingy recently ran out....

MF - download Free AVG from www.Grisoft.com - no need to pay McAfee or Norton for an antivirus when you can get a popular and widely used one for nothing.

Use a proper password management tool that will generate a different random password for each site.

but if you do do the random password stuff, you end up writing them down anyway - which is also insecure... I have (at last count) 76 sites needing passwords... they are ALL different, but memorable to me.

Yahoo is having a nightmare with hackers. There are loads of articles online about a massive spike in yahoo accounts being hacked, but yahoo won't admit the problem and therefore deal with it.

Mine was hacked and solved by changing the password, but some people I know have been hacked repeatedly and ended up having to delete their account and register with another email provider.