I hope this is the right place to ask. Sorry if it isn’t.
So my brother got the typical ‘scam’ e-mail. The e-mail has the correct password of my brother and all the ‘‘I have access to everything, photos etc…’’. Now i get that this is probably a breach and his data may have once been leaked which is true because I checked it on https://haveibeenpwned.com/ . BUT here is the catch. His e-mail account, league of legends account, snapchat, old instagram account and battle.net account all got hacked. We can’t manage to login anymore and the password/username and even e-mail all got changed since we don’t get the login verification codes anymore to the e-mail he used (we were able to recover my brothers e-mail account with his backup e-mail account and we resetted the password instantly, we also saw here that there were successful login attempts into his e-mail account). We also have contacted Riot Games already since this is the only important one for him and hopefully we get that account back. We are also busy transferring every important account to a new e-mail account who we have secured in all possible ways. Now i know those e-mails are 99% a scam but since my brother actually got hacked on some accounts and even the one he uses daily (league of legends) I’m kinda scared the ‘scam’ e-mail may actually be true or is it bad timing? Can someone enlighten and help us please. My brother is panicking.
Sounds like someone targeted your brother, and potentially hundreds of other users caught up in a data breach. This is why you don’t use the same password for everything!
Step 1: Get your accounts back if possible
Step 2: You and your brother should create a Bitwarden account, and change every password to a randomly generated password
Step 3: Enable 2FA on every account possible, so if someone did manage to get your passwords, they won’t have your 2FA code
Let this be a lesson for both of you, internet security is important. We rely on online accounts and devices to live our lives in a digital age, so if you are lacking on internet security you will always be at risk for things like this.
For extra protection against data breaches look into SimpleLogin. It allows you to generate a unique email address for every account and it’s all linked to your main email account.