About two weeks ago on 03/22, there was an attempt to login to my online Chase bank account. I was aware of this when I noticed an email from Chase, which contained a verification code to login on a new device. Immediately, I certainly knew that this wasn’t me and proceeded to change my password. Fortunately, customer service told me the person wasn’t able to fully successfully login. It was from a Windows device titled “Windows NT 10.0”.
Today (04/03), I noticed multiple charges on my Chase debit card. Two gift cards were purchased with my debit card through my Best Buy account. I checked my Gmail for confirmation emails for those orders, and surprisingly ended up finding them in the trash bin. I knew they now had access to my Gmail and Best Buy accounts, and immediately changed the passwords for both of those accounts.
Through Google’s settings, I checked all the devices my account is currently signed into, and found out that someone on a Windows device using FireFox successfully logged into my Google account on 03/22, the same day as the attempted login to my bank. This same device had a login at around 5 AM, which was the same time the gift cards were purchased. The only computer I use is a Mac, and the browser that I use is Brave. No one I know has a Windows computer other than my father, to which I know for certain that this activity isn’t his.
I currently have all passwords to most of my online accounts changed. I use Bitwarden as my password manager, and have been using Bitwarden’s password generator to create unique passwords for each account that I have. I have also signed out of my Google account on all devices except for the one I’m currently using, and have enabled two-factor authentication.
My main question is, how? How were they able to successfully login to my Google account without my knowledge? To my understanding, when Google sees a login from an unrecognized device with a different IP, they usually ask for confirmation through a verification code through Google Authenticator or through text message, but they were able to just login without any of that. Did they possibly infiltrate my Bitwarden account, hence why they were able to log into my Best Buy and Gmail accounts? I am genuinely clueless as to how they were able to pull this off and was just wondering if I could get some insight as to how they did this and if there is anything else I should do to keep my information more secure.