Hi /r/cybersecurity I was curious if you could help me make sense of an attack so that I can better prepare myself to be defended against it.
About a month ago I woke up to notifications on my phone that Google pay had been used to purchase $1000 worth of digital goods from a software key reselling website. This was not me and I declined the transactions, requested a new card from the bank, and changed my google password as well as any saved passwords that would be found in google’s password manager. It wasn’t until much later that it occurred to me that I have 2FA on my google account and even with a username/password combo, nobody should’ve been able to access my account without unlocking the screen on my phone.
This past week in the middle of the day I got a potential fraud notification that my card was used to purchase $1000 worth of digital goods on twitch.tv. It’s been a while since I used my twitch account but it had SMS 2FA enabled (have since switched to an authenticator app) and was linked to my Amazon account to disable ads back when that worked. So the attacker bypassed the 2FA on my twitch account and used the card on my Amazon account to donate $1000 to a stream from Spain.
In both cases the password was unique and fairly strong, and both accounts were protected by 2FA, albeit one was the weaker SMS based 2FA. I’m trying to figure out what kind of attack can bypass 2FA and prepare myself to be better protected against this in the future.
I did recently have a laptop serviced under warranty for a defective screen. I’m thinking someone at the repair center copied and hijacked the cookies on my browser while they had physical access to my PC. Is that a plausible explanation?