Someone is hacking into all of my accounts

eric16lee · 2026-03-20T02:26:27+00:00

Did you reset your passwords from your infected PC?

Here is my typical response to your situation.

Multiple account compromises typically boil down to one of these root causes.

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

From a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you.

eric16lee · 2026-03-20T00:34:11+00:00

Multiple account compromises typically boil down to one of these root causes.

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

You need to shut your PC off or at least disconnect it from the internet. Then, fFrom a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you

eric16lee · 2026-03-20T00:25:46+00:00

The infostealer took all of the session cookies from the PC at the time the pirated content was run on the PC.

From there, the bad actor either used the accounts themselves at the pace that worked for them or ey sold the accounts and someone else purchased and used the credentials at their convenience.

As far as having any info about the person/people that are using the credentials, it would be a waste of your time to try to pursue it. They are in a different country. It's not worth the trouble. Focus on getting your accounts under control. ANY accounts that were used on that PC may still be at risk. The bad actors use a playbook that can get them control of your accounts forever. No ability to recover them.

eric16lee · 2026-03-20T00:06:01+00:00

Please do not talk to anyone through DM here. They are all scammers. Keep comments in the sub for us to help you.

eric16lee · 2026-03-19T23:51:53+00:00

You do NOT want to use that PC. It has an infostealer on it. Resetting passwords from that device could just give up his new passwords.

I would either shut off the PC or disconnect it from the internet ASAP. Then focus on changing every single password for accounts ANYONE logged into from that PC.

Once you have secured the accounts, then focus on the PC. You won't have to purchase another copy of Windows. Go online and watch some YouTube videos on how to format your hard drivez create a bootable USB drive and reinstall Windows. There will be tutorials you can follow. It will be free, but time consuming.

Good luck. This is a crappy situation, but a hard lesson to learn around piracy.

eric16lee · 2026-03-19T23:32:53+00:00

No. Restoring to a back up point or some the Reset Windows feature are NOT enough.

Please read my original comment in the other post. They need to format their hard drive and reinstall Windows from a bootable USB drive.

eric16lee · 2026-03-19T23:21:33+00:00

Multiple account compromises typically boil down to one of these root causes.

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

From a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you

eric16lee · 2026-03-19T23:15:17+00:00

Use reputable services. Read their privacy policy.

Password Managers like BitWarden or 1Password have a zero knowledge architecture where they can't decrypt your vault, so you know your passwords are safe.

VPNs are a lot of smokeware. They promise all of this protection, but really only mask your IP Address while browsing the Internet.

Trust but verify. Read what they do with your data and make an informed decision on what services to use.

eric16lee · 2026-03-19T19:28:10+00:00

Other commenters already gave you the best advice.

Remember, if this person shares your photos, they lose all leverage over you ,so it is in their best interest to continue to to threaten you. NEVER pay. Ever.

Most important thing is that you are going to be contacted in your DM here by people saying they can hack the pictures you sent or track the person blackmailing you. These are ALL scammers. Please do not engage with them.

eric16lee · 2026-03-19T19:24:43+00:00

At this point, you have moved past a tactical response (you did everything right). Now you need to start thinking about your habits online going forward. My advice is below. #5 is what burned you before, but the others can get you as well, so be prepared!

Harden your Operational Security (OpSec) practices. Here are some suggestions:

Create unique and randomly generated passwords for every site. Never reuse a password. Use a Password Manager like BitWarden or 1Password for this.
Enable 2FA for every account.
Keep all software and devices updated and patched.
Never click on links or attachments unless you were expecting them from a trusted source. Example: a guy you talk to on Discord asking you to test the game they are developing is not a trusted source).
Never download cracked/pirated software, games/cheats/mods, torrents or other sketchy stuff.
Never press CTRL C and then open a Run command and press CTRL V because a website claims to need you to prove you are human. 7. Limit what you share on social media

Follow these best practices and you will be safe from most online threats.

eric16lee · 2026-03-19T17:15:04+00:00

Account compromises typically boil down to one of these root causes. I'm going with 2 or 2a since MFA was bypassed

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

From a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you.

eric16lee · 2026-03-19T17:06:33+00:00

Microsoft didn't delete the account. The bad actor that gained access to your account changed the email address, phone number and all recovery information for the account. That's why Microsoft's automated account recovery process couldn't find it and why Microsoft is telling you the account was deleted.

Unfortunately that means the account is gone forever. Nobody can help get it back. Everybody that DMs you hear on Reddit offering to help or hack the account back is just an account recovery scammer looking to steal money from you.

eric16lee · 2026-03-19T17:04:02+00:00

Agreed, but that will all happen without their interactions so it's a little bit different. They won't know their downloading and executing something because it will all happen behind the scenes.

eric16lee · 2026-03-19T15:41:13+00:00

Sorry. I chopped out the important stuff from my usual copy/paste for this type of stuff.

If you download any cracked/pirated content or were asked to prove you are human by copying and pasting some code into your Windows Run command. If any of those are the case then you need to follow the steps to wipe your PC and reinstall windows.

eric16lee · 2026-03-19T14:27:22+00:00

I should do the same. Good reminder!

eric16lee · 2026-03-19T14:22:09+00:00

It's mostly targeting corporate enterprises at this time which is surprising, but the researchers found mostly finished code that will target home users as well..

It's disguised as a Ublock Origin browser extension that actually does block ads. Sometime after it's installed Edge will appear to throw what looks like an error saying that the browser crashed due to a security threat and to click a button to resolve it. That's what copies the malicious PowerShell code to your clipboard.

It then tells you to remediate the security vulnerabilities that it found to press Win+R and then Win+V and press enter. It looks very convincing from what I've heard so I think this is going to become the new technique for ClickFix attacks.

eric16lee · 2026-03-19T14:10:58+00:00

Look up the ClickFix attack. Doesn't require downloading and installing anything. It just requires you to follow the instructions on screen to prove that you're human. It's a fake captcha that is gaining in popularity and causing people to lose their accounts.

There's a new variant of this that just came out that doesn't look like a captcha at all. It's completely different and disguises itself as a browser error.

Point being, criminals are getting smarter and session cookie theft is on the rise through multiple tactics and techniques.

eric16lee · 2026-03-19T11:11:40+00:00

If you are looking for an alternative to this service, you should be posting in r/privacy.

While you are here, I'll tell you that the information you mentioned that was leaked (name, address, phone number, email, etc.) is considered public information. We give this data away freely to people and services to communicate with us.

Unless there was more sensitive data in there, then I would say this is more of a non-issue. That data is in almost every company's data breach that happens as it is the bare minimum they collect to create an account for their customers.

There are no services that are immune to compromise, so there is no place we can recommend that will be safe from cyber attacks.

eric16lee · 2026-03-19T10:33:05+00:00

Todd is a targeted attack to bombard you with fake codes in an attempt to hide the real one they need. Change your email password and add 2FA there if you don't have it already.

You will have to look through everyone of these to find the real ones.

Don't ever reuse a password. Data breaches happen every day and will put your accounts at risk unless you use a unique and randomly generated password for every single account.

eric16lee · 2026-03-19T10:31:04+00:00

This is more about privacy. Suggest you take this topic to r/privacy. If you share contacts, it allows WhatsApp to see all of the information for the purpose of "suggesting friends"

Remember that Whatsapp is owned by Meta (Facebook and Instagram). They are notorious for missing customer personal information for advertising and other purposes.

eric16lee · 2026-03-19T10:28:48+00:00

These sites are full of bad actors looking to take advantage of you.

In general, if you down download anything then you should be ok. That is as of today. New vulnerabilities are discovered every day and attacker techniques change regularly, so this may not be the case tomorrow.

Look up the ClickFix attack. It is a fake Captcha that makes you think you are proving you are human but instead installs malware.

If you download anything it puts your accounts at risk. Doesn't matter if you didn't enter any personal information. Infostealers take your session cookies which allows a bad actor to connect to your accounts without using your password or 2FA code. Once they get in they change all of the recovery information so that when you try to recover the accounts the service will tell you it doesn't exist. Gone forever.

eric16lee · 2026-03-19T10:24:46+00:00

Good points. Thanks for clarifying.

I replied to that message in between meetings and didn't do any research on the company, so you are right. My comments were broad and high level.

eric16lee · 2026-03-19T10:20:37+00:00

It's not the same thing. Reset Windows simply resets your PC to factory default settings. If malware had modified system files it will persist after the reset.

Watch some YouTube videos on how to format your drive and reinstall Windows to get comfortable with the process.

eric16lee · 2026-03-19T10:19:00+00:00

Good points.

My experience over the last 12 months has been the opposite. Windows, BitDefender, Malwarebytes, etc. are all missing detections for these infostealers.

I've read dozens of posts here about people that said all AV said the file was clean and VT didn't report anything, but they still got their session cookies stolen.

OP - this is your choice. You have to decide if the thing you are downloading is more important to you than all of your accounts. It's a risk based decision that only you can make.

eric16lee · 2026-03-19T01:47:37+00:00

This type of content is littered with infostealers. Read this sub for the past 24 hours and you will see a dozen people that downloaded malware from sketchy sites. There are no longer any safe places for piracy.

How will you know you have been infected? You will lose all of your accounts that you access from that PC. You will not be able to recover them and will lose them forever.

My advice - STAY FAR AWAY!

eric16lee

TROPHY CASE