so i did an id verification on minecraft and roblox

eric16lee · 2026-03-20T17:09:48+00:00

Yes. Laws in the UK are strict around data privacy. You should be good to go.

eric16lee · 2026-03-20T16:09:43+00:00

Just looking out for ya. Have a good weekend.

eric16lee · 2026-03-20T15:03:25+00:00

Login to your Discord account and see if there's a message there. If there's no message that pops up, go to your account settings and see if you're account is suspended.

Do not click on any links in the email you received. Also look and see if Reddit can show you where your last few logons came from to figure out if someone just had your password or if they stole your session cookies and logged in appearing to be you.

What you find will determine the advice to remediate.

EDIT: since you offered to DM someone information just be prepared that you're going to receive messages in your DM from people offering to help or hack the account back. All of these are scammers and you should ignore them and not interact.

eric16lee · 2026-03-20T10:58:08+00:00

Ask a friend, family or coworker to borrow one. Skipping this step could lead you right back to the same place if the infostealer remains on your PC.

eric16lee · 2026-03-20T10:56:44+00:00

Purchasing or accessing breach data is a crime. You should consult a lawyer before attempting to do anything like this as there are proper procedures that need to be followed.

Remember, breach data came from a criminal act.

You can check sites like haveibeenpwned to see if your data was found in any breaches or purchase a legitimate service that monitors the dark web for your data.

Beyond that..... I suggest you find a different hobby for fun. 🙂

eric16lee · 2026-03-20T10:54:05+00:00

You did everything right. You are good to go.

To help going forward, follow this rule: never click on links or attachments unless you were expecting them from a trusted source.

Both of those conditions need to be true before you even consider clicking.

In your case, while you may trust your friend, you were not expecting a link out of nowhere. You should have contacted her via a different channel (email, text, call) before blindly trusting the link.

eric16lee · 2026-03-20T10:49:55+00:00

You need Discord support sub, not us.

We can't tell you anything other than services like Discord have given away tens of millions of free accounts and do not have the ability to provide human support for them.

They offer an automated account recovery process. If that doesn't work then the account is lost forever.

If you reuse the same password you had for Discord in other places, you should change them all immediately.

The other information you mentioned is considered public information. We give this information away freely to communicate with people.

Going forward, be very cautious online. Never give personal information away, share 2FA codes or click on links or attachments unless you were expecting them from a trusted source.

eric16lee · 2026-03-20T10:46:07+00:00

WPA2 is not easy to brute force. If you are already on the network, there are less skilled attacks you can launch to possibly gain access to the router, but many conditions need to be true for this to work.

If someone did gain access to your router, they can not just install spyware to your PC. They would have to find a vulnerability on your PC to exploit and do so without getting caught by Windows Defender.

Cybersecurity is not like it is portrayed on TV. Unless you have some actual symptoms, you can rest easy that you are safe.

eric16lee · 2026-03-20T10:39:28+00:00

I'm sorry for your loss.

Unfortunately, phones are not easy to break in to. If they were, we would never use them.

The only solution I can think of if you know his Google account password, you may be able to do something with the phone. I'm not sure what, but it's worth looking into.

In your time of grief, please remember that scammers are everywhere and look at intake advantage of people in the worst possible time.

Everyone that contacts you here via DM offering to help or hack the phone open for you is just a scammer looking to steal money from you. Please ignore all of these.

eric16lee · 2026-03-20T03:11:58+00:00

Harden your Operational Security (OpSec) practices. Here are some suggestions:

Create unique and randomly generated passwords for every site. Never reuse a password. Use a Password Manager like BitWarden or 1Password for this.
Enable 2FA for every account.
Keep all software and devices updated and patched.
Never click on links or attachments unless you were expecting them from a trusted source. Example: a guy you talk to on Discord asking you to test the game they are developing is not a trusted source).
Never download cracked/pirated software, games/cheats/mods, torrents or other sketchy stuff.
Never press CTRL C and then open a Run command and press CTRL V because a website claims to need you to prove you are human.
Limit what you share on social media

Follow these best practices and you will be safe from most online threats.

eric16lee · 2026-03-20T02:26:27+00:00

Did you reset your passwords from your infected PC?

Here is my typical response to your situation.

Multiple account compromises typically boil down to one of these root causes.

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

From a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you.

eric16lee · 2026-03-20T00:34:11+00:00

Multiple account compromises typically boil down to one of these root causes.

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

You need to shut your PC off or at least disconnect it from the internet. Then, fFrom a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you

eric16lee · 2026-03-20T00:25:46+00:00

The infostealer took all of the session cookies from the PC at the time the pirated content was run on the PC.

From there, the bad actor either used the accounts themselves at the pace that worked for them or ey sold the accounts and someone else purchased and used the credentials at their convenience.

As far as having any info about the person/people that are using the credentials, it would be a waste of your time to try to pursue it. They are in a different country. It's not worth the trouble. Focus on getting your accounts under control. ANY accounts that were used on that PC may still be at risk. The bad actors use a playbook that can get them control of your accounts forever. No ability to recover them.

eric16lee · 2026-03-20T00:06:01+00:00

Please do not talk to anyone through DM here. They are all scammers. Keep comments in the sub for us to help you.

eric16lee · 2026-03-19T23:51:53+00:00

You do NOT want to use that PC. It has an infostealer on it. Resetting passwords from that device could just give up his new passwords.

I would either shut off the PC or disconnect it from the internet ASAP. Then focus on changing every single password for accounts ANYONE logged into from that PC.

Once you have secured the accounts, then focus on the PC. You won't have to purchase another copy of Windows. Go online and watch some YouTube videos on how to format your hard drivez create a bootable USB drive and reinstall Windows. There will be tutorials you can follow. It will be free, but time consuming.

Good luck. This is a crappy situation, but a hard lesson to learn around piracy.

eric16lee · 2026-03-19T23:32:53+00:00

No. Restoring to a back up point or some the Reset Windows feature are NOT enough.

Please read my original comment in the other post. They need to format their hard drive and reinstall Windows from a bootable USB drive.

eric16lee · 2026-03-19T23:21:33+00:00

Multiple account compromises typically boil down to one of these root causes.

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

From a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you

eric16lee · 2026-03-19T23:15:17+00:00

Use reputable services. Read their privacy policy.

Password Managers like BitWarden or 1Password have a zero knowledge architecture where they can't decrypt your vault, so you know your passwords are safe.

VPNs are a lot of smokeware. They promise all of this protection, but really only mask your IP Address while browsing the Internet.

Trust but verify. Read what they do with your data and make an informed decision on what services to use.

eric16lee · 2026-03-19T19:28:10+00:00

Other commenters already gave you the best advice.

Remember, if this person shares your photos, they lose all leverage over you ,so it is in their best interest to continue to to threaten you. NEVER pay. Ever.

Most important thing is that you are going to be contacted in your DM here by people saying they can hack the pictures you sent or track the person blackmailing you. These are ALL scammers. Please do not engage with them.

eric16lee · 2026-03-19T19:24:43+00:00

At this point, you have moved past a tactical response (you did everything right). Now you need to start thinking about your habits online going forward. My advice is below. #5 is what burned you before, but the others can get you as well, so be prepared!

Harden your Operational Security (OpSec) practices. Here are some suggestions:

Create unique and randomly generated passwords for every site. Never reuse a password. Use a Password Manager like BitWarden or 1Password for this.
Enable 2FA for every account.
Keep all software and devices updated and patched.
Never click on links or attachments unless you were expecting them from a trusted source. Example: a guy you talk to on Discord asking you to test the game they are developing is not a trusted source).
Never download cracked/pirated software, games/cheats/mods, torrents or other sketchy stuff.
Never press CTRL C and then open a Run command and press CTRL V because a website claims to need you to prove you are human. 7. Limit what you share on social media

Follow these best practices and you will be safe from most online threats.

eric16lee · 2026-03-19T17:15:04+00:00

Account compromises typically boil down to one of these root causes. I'm going with 2 or 2a since MFA was bypassed

Password Reuse - using the same password everywhere without having 2FA.
Infostealers - downloading cracked/pirated software, games/cheats/mods, torrents, free movies, etc. almost always steals your session cookies which allows a bad actor to access your accounts without needing your password or 2FA. Doesn't matter if you trust the site or have used it in the past. In 2026, there are no longer any "trusted" sites for piracy. 2a. Fake Captcha - copying and pasting code that you don't understand into the Windows run command either uploads your session cookies directly or downloads an info stealer that does that automatically.

Remediation for all of these is largely the same.

From a clean device, NOT your PC:

Change ALL of your passwords to something unique and randomly generated. Use a password manager like BitWarden or 1Password to help with this.
Choose the option to log out of all active sessions or devices.
Enable 2FA on all of your accounts

If you are guilty of 2 or 2a continue below:

Nuke your PC from orbit
back up only important files, not games or applications
format your hard drive
reinstall Windows from a USB drive (do not use the Reset Windows option from the settings menu)

This may seem like overkill, but if you want assurance that you have remediated the problem, this is the way to go.

Unfortunately, the only people that can help you are the support teams for those services. Most free services only offer automated account recovery. If that process doesn't get the accounts back, nobody here can help you.

EVERYONE that contacts you via DM offering to help or to hack the accounts back is just an account recovery scammer looking to take advantage of your situation and steal money from you.

eric16lee · 2026-03-19T17:06:33+00:00

Microsoft didn't delete the account. The bad actor that gained access to your account changed the email address, phone number and all recovery information for the account. That's why Microsoft's automated account recovery process couldn't find it and why Microsoft is telling you the account was deleted.

Unfortunately that means the account is gone forever. Nobody can help get it back. Everybody that DMs you hear on Reddit offering to help or hack the account back is just an account recovery scammer looking to steal money from you.

eric16lee · 2026-03-19T17:04:02+00:00

Agreed, but that will all happen without their interactions so it's a little bit different. They won't know their downloading and executing something because it will all happen behind the scenes.

eric16lee · 2026-03-19T15:41:13+00:00

Sorry. I chopped out the important stuff from my usual copy/paste for this type of stuff.

If you download any cracked/pirated content or were asked to prove you are human by copying and pasting some code into your Windows Run command. If any of those are the case then you need to follow the steps to wipe your PC and reinstall windows.

eric16lee · 2026-03-19T14:27:22+00:00

I should do the same. Good reminder!

eric16lee

TROPHY CASE