October 20, 2017, 08:29:19 PM
OK, as I see the logs, it looks like you log in with username and password, then you get challenged with 2FA.
The Russian IP address tries a few times, but doesn't get through to the actual account. On too many tries, the account is disabled for a while, and the next attempt is you trying to log in again. Your attempt reads login_b4_2fa and then less than 30 seconds later you see the log in message (meaning you got 2FA working).
It looks like someone tried your username and pass, but didn't have the 2FA. The things that stand out to me:
1) Is the login_b4_2fa showing they have your password and didn't get to the account? If so I would change your passwords and check into that.
2) There is an entry for your screenshot showing where you created an API access key. As I understood it, that might give someone access to your account, but I'm not sure. Perhaps someone smarter than me (read that to mean everyone) can chime in here.
3) The attempt to log in from that Russian IP address also looks like it happened 7 min after you set up 2FA in the first place. That to me is interesting... 7 min after you set up 2FA your account gets an attempted hijack.
Check back further in the logs to see if there were successful log ins before that.
Edited because I'm stupid and don't finish my thoughts before hitting submit.