My bank, legitimately, notified me today that there had been several days worth of invalid login attempts to my bank account. I had to reset my password.
When I checked the login history, it showed a series of login attempts using Firefox 89.0 on my MacAir laptop. All of the attempts were in the early morning hours from just after midnight to 4AM. None of them were from me. Unfortunately they don't track the IP address.
While I have and use Firefox, I use it sparingly and always keep it updated. My current version is 112.0.2.
I would appreciate any ideas of how this could be happening. I use 1Password and have a very robust password setup for all of my accounts.
Thanks for any help.
First, a program can identify itself to websites any way it likes. Firefox can tell the site it's Chrome, Edge, or Internet Explorer, and vice versa. So unfortunately, that part of the information may not be reliable. But if the Mac has a global search for any other installations of Firefox.app, that would be worth checking in case there is a hidden version somewhere.
You also could use a tool like Malwarebytes (free trial and free version available) to check whether any known malware is on the system. See: https://www.malwarebytes.com/mac
I did determine that it was my username that was likely pawned. They were unable to break the password. I changed the username today and I'm in the process of updating all of my key accounts as well as the primary login for my password manager.
I also reviewed my authorized devices and deleted any that weren't recognizable.