I recently discovered that my Facebook, Etsy, Telegram, and Discord accounts were accessed by someone without my permission. They used my Facebook and Etsy accounts to send out scam links, and I got logged out from Discord and Telegram on my desktop. Despite having different passwords for each account and enabling two-factor authentication (2FA), I suspect a keylogger is to blame. I ran full scans with both Malwarebytes and Windows Defender, but no threats were found. There's also a suspicious program in my startup settings that has an executable file with a random string of numbers and letters. What should I do?
2 Answers
It sounds like you might be dealing with token theft, which can happen even with 2FA. If your accounts were compromised despite having 2FA on, it’s likely that your computer has been compromised too. I recommend immediately changing all your passwords again, re-authenticating your 2FA, and consider reinstalling your operating system.
What type of 2FA are you using? Are you relying on SMS codes, an authenticator app, or something else? Different methods have varying security levels, and knowing which one can help identify potential vulnerabilities.
I have a mix; some are SMS, some use email, and others go through Microsoft Authenticator. I think the issue started when I installed an indie game that Windows Defender flagged as suspicious, which might have been a mistake.
I started changing passwords and updating my MFA after the Facebook breach, but then Etsy was compromised about an hour later. Should I assume all those new passwords are compromised too?