
Assume an attacker gains access to a user's account on some cloud service (like my Google, Microsoft, or whatever), the user discovers this, and changes their password.

What are the scenarios that the user should then watch out for to ensure that they are totally safe from the attacker?

If the question is too general or vague in the above form, let me just ask a specific case which applies to me: I recently changed my password on Microsoft OneDrive due to concern it was compromised and I want to be sure my computer is safe when I reconnect to the service. Beyond being sure not to execute some malicious executable left behind by the attacker, is there anything else I need to do to stay safe? Are there any other attack vectors that I should be watching out for?

Thanks!

Tom K.

1 Answer


First, you should make sure that there are no apps associated with your account which still might have access - see Secure Your Online Accounts By Removing Third-Party App Access. Then you should make sure that the attacker does not get access to your account again.

This means that you should check that the attacker has not left some kind of backdoor into your account: check any recovery email addresses, phone numbers, etc. to make sure that these are only addresses and phones you and only you have access to. And if the account provides recovery using secret questions, make sure that these are the ones you and only you have the correct answers for.

Apart from that, figure out how the attacker got access to the account in the first place and make sure that this and similar ways don't work anymore. Such a path might, for example, have been weak passwords or reused passwords, access to a device or email you've set up for recovery, or easy-to-guess answers to the recovery questions.

Also, for additional protection, set up 2FA on the account.

Steffen Ullrich