Been hacked from Avast?

Hello to everyone…
This is my first post and I am writing this because I had a security breach on my accounts yesterday…

Actually this started on 05/11, when I saw some serious movements on my PayPal account: someone tried to use my connected credit cards to charge me 3.000€/$ (and various amounts), and the charges failed.

Then I received a success message that my credit card had been charged the amount of 516€, and after a little digging I saw that I had first had a charge of 50.40€ a few hours earlier.

Of course I disputed all of them, and I cut off all the cards from PayPal and spoke with my bank to inform them.

The merchants credited the charges back to me and I changed the password immediately…

The next day, on my way to work, I received an email from Google that said that my Gmail password had been changed recently…
I hadn’t changed my e-mail password the day before (that was my fault) and I panicked about that…

I got into my e-mail the minute after, I found the recent new e-mail in the trash and I used it to recover my account very, very fast…

Of course after that I changed all my passwords that include that e-mail.

After I calmed down, I thought to check it thoroughly to see where the “cracker” was attacking from…

Google told me that his IP connected to my account was from the Czech Republic and the IP was 5.62.62.155…

http://i64.tinypic.com/2mm9rit.png

I tried first to open that IP directly in my browser, without success…
Then I tried to ping it, without success too…
Then I tried to trace it to see where it would lead me…

The results are as below…

http://i65.tinypic.com/24ypx1l.jpg

So I was shocked once more…
I thought that wasn’t possible and I went to the Avast site to contact them to see what they would say, and I found that they have headquarters in the Czech Republic https://www.avast.com/en-us/contacts.

So now I’m wondering if someone from there did that to me or if they have a security breach…

I already spoke with the police and with the Electronic Crime Prosecution Division in order to see if Avast or anyone else is involved in that case.

Also, this message will go to Google too, because I have 2-step verification enabled, and how did someone get into my account from the Czech Republic and Google didn’t ask me to verify that!

I don’t know if this is the correct forum to ask for answers; if not, please move it accordingly.

Thanks,

Dimitris S.

Do you currently have or have you had a paid version of Avast on your system?
If so, this was most likely an automated renewal of that software.
When you install the paid version of Avast, unless you uncheck "auto renewal", your subscription is automatically charged when due the following year.
That will happen even if you’ve stopped using the product, unless you cancel the auto renewal.
No different than any other auto renewal authorization.
Certainly not a hack.

Turn off Auto Renewal:
https://www.avast.com/faq.php?article=AVKB24#idt_0100
You can also look at/change the auto-renewal yourself here: https://www.avast.com/find-order

Probably you didn’t see the screenshots I uploaded…
As you can see, Google said that my password was changed from that IP, which I later found ends at Avast!

This has nothing to do with the auto-renewal system etc.

I’ve reported this to Avast both here and on the developers channel.

Hello DoSMaN,

Sorry to hear what happened. This IP is being used by our Consumer VPN pool, which means that whoever tried to take over your account used one of our VPN products in an attempt to mask their identity. This is obviously a violation of the Acceptable Use Policy we have and I have sent the details to our abuse team.

Cheers,
B.

EDIT:
Added brief explanation

Hiya DoSMaN,

I'm with the Avast abuse team and I'm looking at your situation. Can you please confirm the timestamp and the time zone of the incident, as well as the source port number?
The IP address used is one from our VPN pool, so we need this information in order to locate the responsible user.

Looking forward to hearing from you.

I only have the IP and the time as it shows in the screenshot in my first post.
I live in Greece, so all of the notifications are in Greek local time; the time zone is GMT+2.
As for the last one, regarding the port, I don’t know how to find that, since it didn’t take place on my computer but remotely.

Also, just FYI, I heard and I read in the Google (Gmail) forum that in the past 5-10 days there have been many incidents like mine, but as far as I saw none of them looked into it as thoroughly as I did, so I can’t be 100% sure that it is some coordinated “attack” or something…

Thanks DoSMaN,

Can you confirm the date?

Of course… it was Nov. 06 2017 9.09 in the morning GMT+2

Here is a new screenshot as it seems right now

http://i67.tinypic.com/25rf8kh.jpg