I got a little panicky and spammed Reddit earlier. I’ve calmed down somewhat but still a little frazzled. I hope you can bear with me as I put my thoughts into order.

I woke up (with lack of sleep) and noticed that someone had hacked my Discord and was spamming Free Nitro. It looked to be automated, so no real person behind it. I checked my PWs and the one that was used to gain entry to Discord was credential stuffed - I know I shouldn’t use the same PW for multiple sites, but I thought my PWs were strong enough. Yes, it’s my fault.

Here’s what I have done so far:

a) Try to find a PW manager. Everyone says Bitwarden, but it’s been giving me tons of errors, even with the Bitwarden staff assisting me. I’m leaning towards KeePass 2.

b) Change the most critical sites that use the same PWs. Anything that has a storefront or important/personal data. Apparently, not all CC purchases use 2FA? I changed about 30+ so far.

c) Have not yet changed any site that has 2FA or email-based verification (my email PWs are stored on paper IRL)

Not all sites have a straightforward PW change, so it’s been a hassle. I think I have gotten the important ones handled.

What I’d like to know/need help with:

a) Do I need to change the PWs on all affected sites (with same PWs)? I am OK with letting a lot of forum logins that I haven’t used for years just die.

b) What do I do next, or don’t do? Obviously I’ll use a PW manager from now on, and change everything. I have not yet contacted my bank because I’m overseas.

c) How badly am I affected? The hack didn’t seem to involve a human, so it’s bad but not that bad, yes?

I just moved to a new country and I haven’t had enough sleep or rest, on top of other things, so it’s been very rough. :(