Responding to a Hacking Incident: My Experience and Lessons Learned

Recently, I fell victim to a classic online scam that many gamers may be familiar with: the “Test my game” ruse. This served as a stark reminder of the importance of vigilance in our digital interactions.

It all began when I received messages from two long-established Discord accounts—familiar names that I had known for years. This familiarity lulled me into a false sense of security, and I let my guard down. They provided a link to a website, claiming to have a “game” for me to test. Unfortunately, I succumbed to this trap and executed the file they sent, only to discover a third account contacting me shortly after, revealing a chilling screenshot of my Google account logged in on their end.

In this moment of realization, I felt a mix of panic and urgency. Fortunately, I had a backup notebook available, which enabled me to disconnect my primary PC from the network immediately. I logged out of all devices linked to my Google and Discord accounts while also initiating a thorough password reset across all platforms, especially since my passwords were saved on Google. Additionally, I employed two-factor authentication (2FA) wherever applicable to bolster my security.

On my PC, I took decisive action by performing a clean installation of Windows 11. This process, however, only wiped the drive where the operating system was installed. I ran Windows Defender for a full scan right after the installation, and I’m currently running another scan for added assurance. To further enhance my defenses, I plan to install Avast and Malwarebytes to conduct additional thorough scans. For now, I’ve kept my PC off the network as a precautionary measure.

For those who are interested in examining the malware, I found it hosted on oblivora.com—a site I would strongly advise against visiting.

While I would prefer not to perform a complete wipe of all my drives, I know it might be necessary for comprehensive safety. If anyone has experience with this, I would greatly appreciate recommendations for effective tools that can facilitate a full drive wipe.

Finally, as I reflect on these events, I’d like to ask: Have I taken the right steps to remove the threat effectively and secure my accounts? If you have any insights or further advice on dealing with such situations, I would love to hear your thoughts. Stay safe out there, and remember that in the digital world, caution is your best ally.