I don’t really know where to post these questions. I’ll give it a shot here. 3 days ago, Google asked me to verify the login. The login location was exactly where I am, so I clicked on yes. Several hours later, I started to get messages that my Robinhood account, which I only use on my phone, had a bank transfer. Then my Google Play account tried to send someone money. Then my autofill started to show up with other people’s addresses and emails and passwords that I don’t know. Then I realized the login attempt was a hacker. My system was reinstalled about 2 weeks ago, and I have Windows defense and Malwarebytes installed. No malware found. There are two things that really disturbed and confused me. I will list them below.
I started to check my Google account activity, and I found something strange. The device I am using, a desktop, logged in with several different IP addresses. The first one is mine, and it belongs to Spectrum. So do the 3rd and 5th IP addresses. The 2nd and 4th both belong to the same ISP. But what confuses me is how my desktop device can log in to Chrome with so many different IP addresses which clearly aren’t mine, since I never used VPNs.
Simultaneously, the same day, my mother’s bank account was hacked. It might have been through my Google Chrome’s autofill or a data breach, since she uses the same email/password everywhere. The hacker tried to threaten my mom via text messages with her personal information, like addresses where she used to live. And interestingly enough, the attacker texted her a company name with a truck tracking number (this is a PDF file that’s only on my desktop, which was downloaded a few days ago using Chrome). The file has the tracking number in its title, but the company name is only in the file.
Now, I am really concerned about how compromised I am. I don’t understand how the hacker who tried to threaten my mom knows something that’s only on my PC, and this same desktop of mine has logged in to Chrome via different IP addresses which don’t belong to me.
My assumption is that the attacker got my Google password from a data breach, then tried to get all the information from my account, then switched to logging in to my mother’s bank account through Google autofill, then also found out about that PDF file in my download history (I am not sure about this part because the download history is only device-specific). But this doesn’t explain why my PC logged in to Chrome using so many different IP addresses. Could it be that my machine has some kind of virus that provides a backdoor to the attacker? Please help.