Next steps for a social media breach

Hello folks o/

Apologies if the wrong sub, not sure where else to ask. I appreciate this also may be a "I got hacked" post which is against the rules - if so, happy to remove.

Not much of a hacker myself, software engineer by profession though, please speak as technically as you wish. My partner had their email compromised - and subsequently the "hacker" gained access to their instagram account. All happened at 4am.

The hacker performed an instagram data dump - which is alarmingly comprehensive. In addition to this, they gained access to my partner's paypal. Luckily the paypal was not in use.

Haveibeenpwned seems to indicate their credentials were compromised in two previous breaches.

I've recommended changing all passwords, enabling 2FA wherever possible etc., using a password manager (which I have been emphasizing for months), but I'm curious about a few things:

  1. Does anyone know what hacks of this nature seek to achieve? Use pictures etc. to create fake profiles for future phishing? Or more nefarious, is blackmail etc. a future possibility? Is this sort of stuff sold somewhere (deep web)?
  2. Are there any other next steps should my partner/I be taking?
  3. Are there any tools I can use to find if information (such as pictures, name, etc.) are being used?

Thanks!

submitted by /u/torakfirenze
[link] [comments]

from hacking: security in practice https://ift.tt/3pxiSHb

Comments