List of compromised websites and scope of damage, by Nano Adblocker and Defender


Checklist for everyone affected

  • Login sessions between 10/15 and 10/16 are most likely to be affected
  • Check your Instagram for random likes. Even if you haven't visited it for a long time, you might still be affected
  • Check other websites you visited in the past 10 days for suspicious activity
  • Check your accounts for suspicious login attempts
  • If you find suspicious activity, report it below

Countermeasures

  • Your passwords are probably fine so far. This is actually confirmed by the reports of failed logins by some, as some websites are smart enough not to allow suspicious usage of stolen cookies, which is good.
    However, they can be compromised if you visited a website with poor security practices (which stores passwords in cookies, for example).
  • DO NOT simply delete cookies from your browser. Cookies on the server side need to be refreshed, which cannot be done by deleting cookies on the client side.
  • You need to log out of ALL sessions of websites that you visited in the past 10 days.
    Find the option in settings to "Terminate all sessions", which will invalidate all previously issued cookies at all locations.
    If there is no option to terminate all sessions, you can contact support for assistance in terminating all of your sessions due to possible cookie theft.
  • Log in again to refresh session cookies
  • As a last resort, changing your password should (although it might not) invalidate all previous cookies. (#5 (comment))

Please READ the following web page for help and a detailed explanation of what happened #5 (comment) #5 (comment)
https://chris.partridge.tech/2020/extensions-the-next-generation-of-malware/help-for-users/

Other info: #2 (comment), info in session cookies

If you want to rant, you can go to #4
For other issues, you can also go to #3 or #2
You may have one, several, or no accounts affected

If one or more of your accounts on some websites/apps has had suspicious activity recently, you can use the following format to help report/confirm being compromised:

1. website: www.something.com
2. saved passwords on chrome? YES if password was saved / NO if password was typed
3. suspicious activity on login session page (if provided): YES (e.g. failed logins) / NO
4. unauthorized activity on website/app: describe what happened

Websites already confirmed to be compromised

Instagram
You can check for suspicious activity as follows:
  • On Instagram Mobile, Settings > Security > Login Activity
  • On Instagram Website, Settings > Login Activity
  • On Instagram Mobile, Settings > Account > Posts You've Liked, to see if you have unauthorized likes
Question: need a way to remove unauthorized likes
A solution: #5 (comment)

Websites that may be compromised (confirmation needed on whether it is related to this incident)

GitHub: check the security log to see if there have been failed login attempts recently #2 (comment)
(2 confirmed cases of suspicious activity with failed login)
https://github.com/settings/security-log

Microsoft/Outlook account
(2 confirmed cases of suspicious activity with failed login)
https://support.microsoft.com/en-us/account-billing/check-the-recent-sign-in-activity-for-your-microsoft-account-5b3cfb8e-70b3-2bd6-9a56-a50177863357

Twitch
(Question: maybe no way to check login sessions?)
https://help.twitch.tv/s/article/account-hacked?language=en_US
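
The Countermeasures section above says that deleting cookies in the browser does not invalidate them on the server, and that a password change may or may not do so. The following Python sketch is an added example, not part of the original post; the `SessionStore` class, its methods and all values are hypothetical and constructed for illustration.

```python
import secrets

class SessionStore:
    """Toy server-side session table (hypothetical, not any real site's code)."""

    def __init__(self, revoke_on_password_change):
        # Some sites revoke sessions on password change, some do not.
        self.revoke_on_password_change = revoke_on_password_change
        self.passwords = {}   # user -> password (plaintext only because this is a toy)
        self.sessions = {}    # session token -> user; this is what "logged in" means

    def register(self, user, password):
        self.passwords[user] = password

    def login(self, user, password):
        if not secrets.compare_digest(self.passwords.get(user, ""), password):
            return None
        token = secrets.token_urlsafe(32)
        self.sessions[token] = user
        return token

    def whoami(self, token):
        # The server only asks "is this token in my table?"
        return self.sessions.get(token)

    def terminate_all(self, user):
        self.sessions = {t: u for t, u in self.sessions.items() if u != user}

    def change_password(self, user, new_password):
        self.passwords[user] = new_password
        if self.revoke_on_password_change:
            self.terminate_all(user)


def run_scenario(revoke_on_password_change):
    """Return who a copied cookie is accepted as after each countermeasure."""
    site = SessionStore(revoke_on_password_change)
    site.register("alice", "constructed-password")
    browser_jar = {"session": site.login("alice", "constructed-password")}
    copied = browser_jar["session"]            # a copy that left the browser
    result = {}
    browser_jar.clear()                        # user deletes cookies locally
    result["after_local_delete"] = site.whoami(copied)
    site.change_password("alice", "new-constructed-password")
    result["after_password_change"] = site.whoami(copied)
    site.terminate_all("alice")                # "Terminate all sessions"
    result["after_terminate_all"] = site.whoami(copied)
    fresh = site.login("alice", "new-constructed-password")  # log in again
    result["fresh_login"] = site.whoami(fresh)
    return result
```

Calling `run_scenario(False)` and `run_scenario(True)` shows the two kinds of site side by side: only the server-side revocation step removes the copied token in both cases.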