Hi I recently was hacked unfortunately due to a stupid screw up involving a person who had hacked a friend's account and had me download some malware disguised as a "game… (read more)
Hi I recently was hacked unfortunately due to a stupid screw up involving a person who had hacked a friend's account and had me download some malware disguised as a "game he worked on" and managed to get all my passwords stored in Firefox (spent 9 hours straight changing all 200 of them and wiping the laptop). I believe I am misinterpreting some things on how secure the storage of passwords are for Firefox as I thought using the "Primary Password" function would encrypt everything properly. The hacker proved he had them unencrypted sending some examples to me to flaunt.
Was he able to attain access to the passwords due to me already having firefox open when I was compromised (even if the primary password is asked before entering each password?) Or is there some issue with firefox not storing them properly? Or is there some other less know issue with windows or edge or something "stealing" the passwords and storing them in an unencrypted file without me knowing?
This whole thing makes me feel less trustful of firefox to say the least and while the hack itself was my fault I just want to know if there was something else I could have done other than using keepass or some other password manager to exclusively store passwords (which is what I am going to do now and probably should have been doing)
TLDR
- Primary password did not stop hacker from seeing passwords
- Any clarification on whether this was my fault in trusting it for such things or if there is an actual issue with firefox's approach
Thanks for any help or clarification.