I got a message from a friend on Discord who said they were making a game and asked me to test it. Trusting them, I downloaded the .exe file. Soon after I ran it, it opened some command prompt windows—then I realized I'd made a mistake. It started messaging my Discord friends to do the same. I quickly changed my Discord password, my Google password, and my password manager password, but I'm worried I might not have acted quickly enough. During this chaos, I received a message from the sender containing some of my personal information, including my Google account details, email, name, address, and phone number. To be safe, I did a clean install of Windows and changed all my passwords again (Google, Discord, etc.) and also set up two-factor authentication on everything, removing SMS verification for my phone number since I assume it was compromised. I even changed my master password for my password manager, but in my panic, I forgot it and have contacted support for a full reset, which may result in losing all my saved passwords. I'm really paranoid that I might have overlooked something or that they may have accessed more info than I realized. Am I safe now?
2 Answers
I’m curious what the exact name of the .exe was. It might help everyone understand exactly what you were dealing with. Just remember, don’t share it as a clickable link!
It sounds like you took quite a few steps to secure your accounts, which is great! Just to be extra safe, consider changing your passwords again from a device you know is clean—ideally, do this on your phone. Make sure all your passwords are unique and enable 2FA wherever possible. It's a good idea to sign out of all active sessions for your accounts too. Regarding your phone number, it’s likely not compromised, but using an authenticator app for 2FA instead of SMS can enhance security. Running a malware scan wouldn't hurt either, but a clean install of Windows is definitely the best way to ensure everything is wiped clean. Let’s keep our fingers crossed you didn’t lose any sensitive info!
You mentioned changing passwords in a bit of a panic, but it's good you switched to your phone for that! Just remember, you should always try to use a reputable password manager moving forward to keep everything safe, and make sure to write down those passwords until you regain access to your password manager.
I don't remember the exact name, but I won't be messing around anymore after going through all this! I have a screenshot of the site where I downloaded it, just to give you an idea.