I need a massive help from the Fiverr freelancers about my account which. Has been hacked some days before !!!!

[developerlikhon]

Hello fiverr freelancers, Hope all are doing well. 

So basically I really need help from you guys. 

Actually my account has been hacked at 20th April. The client has shared a link to my inbox and told me to create a site like that. 

I clicked on the link and after some moments I saw, My Fiverr account has been logged out from my mac and as well as my phone. After seeing this, I was shocked and tried to login again and fortunately I logged in. 

And then after that for my security I gone to CS for getting an idea that how the scammer got the access of my Fiverr account and just wanted to know if there’s any issue with my account as the scammer got the access of my account I was a bit scared. 

So after that the CS has restricted my account for no reason, and asking me to fill up the last 4 number of my mobile digits, date of birth and Fiverr security questions. 

I provided the first 2 things which is mobile digit and the date of birth, but unfortunately I forgot the security answers and I was not able to provide that. 

Then they have asked me to guess the answer, I tried but got no luck. 

So in this case I told them that I can provide my Government ID which has been used to create my seller profile but they have refused that and asking me again n again for the security questions. 

In this case, is there anyone can help me to bring my profile back? And also ( @Kesha ) or ( @Lena ) or ( @Seven ) anyone here who can kindly have a look into my profile and bring this back? 

I am already working with my clients and as I got restricted no new clients can send me message or I can’t even sent any messages. Even my gigs are also in denied position. 

That means I really do not have any other scope to get more work, so as soon as possible I am trying my best to recover this profile. 

And just want to start where I have left. 

Thats all my story, I am very pleased to get the community freelancer support to stand with me and get my account back 🙁 

Thanks,
Likhon Ahmed

[developerlikhon]

3 hours ago, grayprogrammerz said:

After clicking link, what did you do ?

Did you enter credentials on fake site (phishing) ?

or ran any malicious software executable ?

 

I wouldn't believe if just clicking a link can do such.

(unless browser is outdated and was exploited, but even after its less than 1% chance)

It's important to understand the risks associated with visiting malicious websites. When you visit such sites, they can potentially access your browser's cookies. Every website stores important information in cookies, and if these are hijacked, it can lead to serious issues.

As web designers, we are aware of how these threats operate. However, part of our job also involves checking client reference websites, which may pose risks beyond our control. If you're unsure about cookie hijacking, I recommend researching it online to learn more about the topic

[grayprogrammerz]

56 minutes ago, developerlikhon said:

It's important to understand the risks associated with visiting malicious websites. When you visit such sites, they can potentially access your browser's cookies. Every website stores important information in cookies, and if these are hijacked, it can lead to serious issues.

As web designers, we are aware of how these threats operate. However, part of our job also involves checking client reference websites, which may pose risks beyond our control. If you're unsure about cookie hijacking, I recommend researching it online to learn more about the topic

For confirmation you mean a website can access 3rd party sessions stored in your PC ?

e.g attacker site can steal Fiverr's cookie if we visit them, yes ?

[developerlikhon]

1 hour ago, grayprogrammerz said:

For confirmation you mean a website can access 3rd party sessions stored in your PC ?

e.g attacker site can steal Fiverr's cookie if we visit them, yes ?

First, your personal computer doesn't store data from websites directly. Each website has its own server where all its data is kept. This is known as web hosting. For instance, when you visit a site like Fiverr and log in with your account details, Fiverr's database checks whether your login information is correct. If it is, the database lets you access the Fiverr site smoothly.

To manage this process, Fiverr uses a method called cookies. Cookies are small pieces of data stored in your browser that contain information like access tokens. These tokens are kept until you log out of your account.

Now, if you visit a harmful website while still logged into Fiverr, and this harmful site has malware that can hijack cookies, it can steal your cookie. Once a malicious website steals your cookie, it can gain access to your access token. This is how hackers can potentially compromise various websites using this method.

I hope this explanation helps clarify things for you.

[developerlikhon]

Great news! My Fiverr account has been restored with the help of Fiverr customer support. I want to express my sincere gratitude to everyone in this Fiverr forum community for providing suggestions and resources. A special thanks to @priyank_mod for tagging @vickieito, and thank you @vickieito for sharing your story. I also want to thank @Lena for reviewing my profile and bringing my issue to the attention of the Fiverr team. Once again, thank you to everyone for your help.

[grayprogrammerz]

13 hours ago, developerlikhon said:

Now, if you visit a harmful website while still logged into Fiverr, and this harmful site has malware that can hijack cookies, it can steal your cookie. Once a malicious website steals your cookie, it can gain access to your access token. This is how hackers can potentially compromise various websites using this method.

I'm thankful for your explanation. It will help me and others ensuring future security.

 

what I'm worried about, that could also mean Facebook can access Fiverr's cookies ?

Google can access facebook and so on... ?

Not sure if I'm understanding correctly, but that doesn't make sense.

I mean if that was possible, every 3rd party site we visit, would have accessed and logged our all sessions ?

On daily basis, we visit random blogs, doing searches, different forums... My history states, I have surfed 200+ sites in April. So do they all have ability to steal my sessions ?

12 hours ago, developerlikhon said:

Great news! My Fiverr account has been restored with the help of Fiverr customer support. I want to express my sincere gratitude to everyone in this Fiverr forum community for providing suggestions and resources. A special thanks to @priyank_mod for tagging @vickieito, and thank you @vickieito for sharing your story. I also want to thank @Lena for reviewing my profile and bringing my issue to the attention of the Fiverr team. Once again, thank you to everyone for your help.

Congrats! 🥳

[smartdezigns]

14 hours ago, developerlikhon said:

Great news! My Fiverr account has been restored with the help of Fiverr customer support. I want to express my sincere gratitude to everyone in this Fiverr forum community for providing suggestions and resources. Once again, thank you to everyone for your help.

Congratulations! But don't forget to set your security question and password and note them somewhere safe. I usually save them in Google Sheet in one of my gmail account. You can do the same. 

[jabirahamed20]

@developerlikhon did you got the account back buddy? 

[mituakter78]

It's really sad. Was the client who gave you the link a new client or an old client? And instead of clicking on the link first, you should have copied the link, checked the malware and then clicked on the link.

[developerlikhon]

5 hours ago, jabirahamed20 said:

@developerlikhon did you got the account back buddy? 

Yes, the Fiverr Customer Support Team restored my Fiverr account.

[developerlikhon]

8 hours ago, smartdezigns said:

Congratulations! But don't forget to set your security question and password and note them somewhere safe. I usually save them in Google Sheet in one of my gmail account. You can do the same. 

Thanks, basically I store important things in a physical notebook, but I forgot to write down my Fiverr security question in the notebook. 😞

[developerlikhon]

10 hours ago, grayprogrammerz said:

I'm thankful for your explanation. It will help me and others ensuring future security.

 

what I'm worried about, that could also mean Facebook can access Fiverr's cookies ?

Google can access facebook and so on... ?

Not sure if I'm understanding correctly, but that doesn't make sense.

I mean if that was possible, every 3rd party site we visit, would have accessed and logged our all sessions ?

On daily basis, we visit random blogs, doing searches, different forums... My history states, I have surfed 200+ sites in April. So do they all have ability to steal my sessions ?

Congrats! 🥳

Not every website can access cookies from other websites. Only malicious websites with cookie hijacking scripts can do that.

[smartdezigns]

3 hours ago, developerlikhon said:

Thanks, basically I store important things in a physical notebook, but I forgot to write down my Fiverr security question in the notebook. 😞

Note it this time so that you don't have to face this incident next time. Good Luck! 

[developerlikhon]

4 hours ago, smartdezigns said:

Note it this time so that you don't have to face this incident next time. Good Luck! 

Yes, I'll do that this time.

[ashrafulstudioz]

stay away from fake buyers