Hacked, Identity Stolen & Need Customer Service ASAP! [Moved to email]

needhelplease
Community Member
edited February 2015 in Mac

My MacBook and iPhone were hacked by the malware Trojan Win32 Malware-gen, which then compromised the security of my credit card numbers, account passwords, etc.

This Trojan modified my DNS records and redirected incoming internet traffic through the attacker's servers, where it further hijacked more information and ran my information back to the hacker.

On top of all this, the Trojan also installed a watchdog process that ensured my DNS records stayed modified on a minute-by-minute basis. They can see my keystrokes and everything I do. I've used, opened and modified my 1Password on my Mac and iPhone early on, before I knew this Trojan was on my computer, since I was under the belief (at the time) that Mac computers couldn't get malware like Trojans or viruses.

One credit card was already stolen, and I don't want to get into further details on this discussion board, but the hacker then hacked my router IP address, and then hit the jackpot when I had my Mac and iPhone synched through wifi and 1Password and then potentially obtained my password(s) through my keystrokes.

In general, all of my emails are compromised, all of my information is stolen and I've had to make an alias email in order to even get on here to ask for a customer service number.
As odd as the likelihood is of this happening to another person, there needs to be an emergency number to call in the event of identity theft for the aforementioned reasons and the details I have yet to tell you.

The last thing someone wants to do is search for someone to call in a desperate situation, not find a number, and then have to post this serious act of invasion for all to see on a discussion board, especially when the whole concept of 1Password is to protect information, not disclose it. Don't get me wrong, I love community discussion boards where people help people, it's great, but in this situation, I need a direct line.

I currently have law enforcement with a detective on this case specifically, my Identity Theft Protection Service, Apple, Verizon, Chase Bank and a few other parties involved and I need to speak to a customer service representative immediately regarding the current status of my 1Password account.

I believe I saw an email address in another thread. I'll try to find that and email you through a secure line, but it would be great if you could post a number in the meantime. I found what I believe to be your number through a search, but I'll wait for a response to this first before I call the other number directly.

Time really is of the essence on this one, so please message me on here or please post to this thread, whatever you deem fit.

Thank you in advance ::fingers crossed::

Comments

  • Stephen_C
    Community Member

    I am a little puzzled by some aspects of your post—possibly there are some misunderstandings (on both my part and yours).

    The trojan you mention appears to be a Windows executable file. If that is indeed the case I don't understand how it could have "hacked" your MacBook & iPhone. Are you running Windows on your Mac or do you sync your 1P data between a PC and your Mac? How do you know specifically that the MacBook & iPhone have been "hacked"? (I ask only because, on the basis of the information you've supplied, it does look a little unlikely.)

    "I need to speak to a customer service representative immediately regarding the current status of my 1Password account."

    Please understand that your 1P data resides on your devices (and in the Cloud if you use that to sync 1P data of course—although you say you use wifi so that can't be relevant to you). Your 1P data is not held by anyone else (including, of course, AgileBits). All your 1P data is protected by your master password so without that master password nobody can access your 1P data. Now if there really is some sort of key logger installed on your Mac (or, probably less likely, on your iPhone) all bets are off and it's possible someone might log and obtain your master password. If that happens and they then obtain access to your 1P vault your 1P data is at risk, of course.

    I understand your concern but it would be helpful to take things slowly so that we can understand exactly what has happened. Let us have some more information, please. There are always helpful people around on these forums so you're likely to get quick support here.

    Stephen

  • Hello @needhelplease,

    First, I want to say I'm very sorry to hear this has happened to you and I hope we can be of some assistance to address your concerns. I will attempt to allay some of your concerns, and then follow with some recommendations.

    I can confirm that the trojan you mentioned cannot infect Macs or iPhones - it only works on Windows. There is some malware on Macs, but it is extremely rare. You likely would have had to install something recently that contained any malware. May I ask how you came to conclude it was the win32 malware-gen which infected you? And how did you discover that your DNS kept getting changed? Was it changed on your Mac, or on your router? Where do you go to check this? Finally, how did you determine a keylogger was installed?

    Also, unless your iPhone is jailbroken (something you would have to explicitly do every time you restart your phone), there is no known malware that infects iPhones. If you are concerned your home WiFi is compromised, you can turn WiFi off on your phone and use your phone on your carrier's data plan. Then you can sign in and use the forums safely there. If you are concerned about your email, I can suggest getting a new gmail or yahoo address for the purposes of communicating temporarily. You can email us at support@agilebits.com, however, we are experiencing a bit of a backlog there; you'll get quicker responses here. But if you'd rather discuss in private, we'd completely understand.

    As Stephen_C mentioned, AgileBits does not store your password vault. If you synced through WiFi, then your 1Password vault exists only on your Mac and iPhone, and in any backups you may have made. Also note that your password vault is encrypted, so if you used a strong password that you have not used anywhere else, it is extremely unlikely that any hacker can read your passwords. However, due to the possibility of keystroke loggers on your Mac I suggest doing the following:

    1. Change the master password of your 1Password vault. Do this on your iPhone. Do not forget this new password.
    2. Log into your email accounts (if you can) and change your passwords. Also if they offer security questions, change them to nonsensical answers (something people can't find out by researching). For example, "What is your mother's maiden name?" could be set to "desk lamp." When you change them be sure to record those answers in 1Password so you have the answers when you need them later. Again, if you believe a keylogger is on your Mac, do it from your iPhone.
    3. If there are email accounts that you can't log into (because the hacker changed your password), contact customer support for those services and get a new password set.
    4. When setting new passwords, do not re-use the same password for more than one service.
    5. I see you've already contacted your banks, Apple, etc. So that is good.
    6. Once you are certain that your Mac is free of keyloggers or malware, you may wish to change the WiFi router's admin password, and your WiFi network password.

    Other than that, I just want to reiterate, that unless you are certain that a keylogger has been installed on your Mac (the win32 malware could not have, and I don't think your iPhone has been compromised) and you haven't given your 1Password master password to anyone, then your 1Password data is likely safe.

    If you have further questions, feel free to email us at the address above or reply here. Also, if you can, please provide details of what you saw on your Mac to determine malware has been installed. Do not provide any specifics like account numbers or passwords, though, but more of what you saw (e.g. my DNS changed, found these files, etc.).

  • southernforge
    Community Member

    A troll, possibly?

  • Plato
    Community Member

    @southernforge

    I think that you're correct. A Windoze malware has infected an iPhone and a Mac and has totally destroyed ALL logins. Hmmm...

  • littlebobbytables
    1Password Alumni

    @southernforge & @Plato

    While I might find some of the details odd, I think the average person faced with anything like this would probably be quite panicky so maybe it's nothing more than that. Let's face it, identity fraud sucks.

    I would like to add a little tidbit of information to @hayesk's response to @needhelplease. 1Password for Mac makes use of the Secure Input Event when requesting your Master Password, the same code that Apple uses for user account login or Apple ID password etc. What this means is to obtain anything typed into fields like this the computer has to be completely compromised, a simple key logger would be insufficient. Only the application that calls this type of field can see the contents.

    Other than that hayesk has posted a lot of advice on what to do.

  • southernforge
    Community Member

    Good points, @littlebobbytables, thank you...

  • On behalf of Adam, you're welcome.

  • komrad
    Community Member

    The person doesn't say what they want to accomplish. If your identity is compromised, then you report it to the authorities, freeze your credit, and perhaps take other measures (change passwords, contact banks, credit cards, etc.). I cannot think of any reason to contact Agilebits. What would a software development company do?

  • needhelplease
    Community Member

    I have just sent an email clarifying everything. For the record, this is an unprecedented malware attack, and all of the proper authorities and companies have been notified. I have to be vague because, guess what, this is under investigation and the hackers got into all of my accounts, despite the security measures I had taken before this happened. By detailing my exact issues on this public forum, I'm allowing them to watch, and counter, the very advice you might give me on here. As a Mac and iPhone user and 1Password subscriber on both, this could unfortunately happen to any of you, despite how impractical it might seem. I also do not have a secure way of accessing my 1Password passwords, as my Macbook, iPhone, router and everything connected to that router have been compromised. This has to be my last post on here until the issue is resolved, but know that this is very real and absolutely terrible.

  • Stephen_C
    Community Member

    Thank you for the update and for letting us know we can't help more at the moment. If that changes please post again with the answers to the questions in posts #2 and 3 above.

    Stephen

  • MrC
    Volunteer Moderator

    A fair amount of text was lifted from this post

    https://discussions.apple.com/docs/DOC-2472

  • ag_kevin
    edited February 2015

    @needhelplease, please re-read my comments regarding your iPhone. Also note, that if you are not comfortable discussing this further in public, please send us email at the address above. We should be able to help you.

    Thanks.

    ref: ADL-98747-187

  • needhelplease
    Community Member

    @hayesk I emailed AgileBits before I posted on here, and have since received a reply, but I need to speak with a representative over the phone. My iPhone is not jailbroken, it has been restarted, I have replaced my router, but can't plug it in until all of the malware is removed from everything. I've been dealing with a corrupt version of my iPhone since September 19th when I switched from iOS 7 to 8 and have been working with Verizon and Apple since. I have 5 case notes with Apple, have gone over every aspect of software and hardware issues and now, to add to everything else, I have been hacked. I only messaged on here to speak directly to a representative and detail why. I cannot stress this enough, my Mac and iPhone have been compromised. I'm reading and listening to what you're saying, but I have contacted customer support, and in some situations, including Apple itself, I can't change the password and when I change the Apple ID email, it won't let me verify the email. I had tried changing certain passwords originally through 1Password, and the accounts wouldn't let me. Please stop having me explain why I need to speak directly to a representative. I provided my information in the email I sent yesterday, and to the emergency email.

    Also, thanks for speculating that I'm a troll, everybody. That's the last thing someone wants to hear when they're in this situation, so thanks for the empathy and support.

  • danco
    Volunteer Moderator

    Would you care to tell us how you were hacked? If you are using the right words, and it was indeed a trojan rather than a virus, that means that you were tricked into installing the malware. Telling us how it happened might help others avoid being tricked the same way.

    Just for the record (as again it might help people avoid issues), not directly related to your issue, some of the software download sites will install adware if you don't watch out. Not strictly malware, as they tell you they will be installing extra stuff and also tell you - if you look closely - how to get the software without the adware. Best way to install software is from the developer's site, next best is from macupdate, which does not install any adware. And if one does get caught by adware, then www.thesafemac.com provides a program (adware medic) for getting rid of it and also instructions for getting rid of it manually.

  • Megan
    1Password Alumni

    Hi @needhelplease,

    Someone from our team has responded to your email, please check your inbox. Just to avoid confusion, we'll keep the conversation going directly via email from now on.

    Thanks to everyone in this thread who has popped in to help out!

This discussion has been closed.