What I Learned From Being Hacked

A few weeks ago, my wife and I both found ourselves on the bad end of some outgoing e-mails.

Both of our primary personal accounts had been hacked.

It was about as mild of a hack as you could ask for.  Everybody on our address lists received a spammy type email from us.

The e-mails actually came from the account as they were in our sent folder.  We both got alerted as we saw messages from each other arrive, followed by a slew of ‘undeliverable’ messages for address book entries that were out of date.

I think one of our home machines had been compromised somehow, which I’ve since corrected and ensured shouldn’t happen again by making sure to do regular scans, but it taught me a few things:

  • Yahoo stinks – Even though the messages originated from my actual account, the message content and volume should have, in my opinion, triggered something to prevent the outflow of e-mails or at the very least, alerted me to a potential problem.  Outside of a few people e-mailing me back saying “Um, I think you have a problem” nothing ever got done.
  • Hotmail does too – My wife used Hotmail and ditto goes for that.
  • Gmail is pretty awesome – I had a Gmail account that it also happened to, and the reason I think that Yahoo and Hotmail should have prevented the flow of emails and locked the account is because Gmail did exactly that.  They also have a link on all Gmail pages (bottom right) where you can see exactly where and when your account was accessed.  Turns out that someone in Jamaica was the one having fun.  I was able to verify that this was in fact not a welcome login, which hopefully allowed them to flag the location and IP address to avoid other attacks.  After all this, my wife and I both ceased use of our Yahoo and Hotmail accounts, and moved to Gmail
  • Computer security is key – I had gotten lax on making sure that the computers were up to date.  From out of date virus definition files to spyware sensing software that hadn’t been run in over a year, we were not in good shape.  Every machine now updates and scans automatically, and I do a forced scan on every machine monthly.
  • Password updates are key – We hadn’t changed our passwords on e-mail accounts in a long time.  I’m talking years.  I now change all my e-mail and other key passwords monthly.
  • Password differentiation is key – We got lucky in that nothing worse happened.  It could have.  After all this happened, I realized that my password on my e-mail was the same as it was on my credit card account as it was on my bank account.  The usernames were different but only slightly.  This means that a more determined hacker could have likely done some serious damage if they did indeed have actual credentials.  Lucky they didn’t, but I now make sure my passwords are different across sites so that if someone gets their hand on one password, it doesn’t open the door to other access.

Have you been on the wrong end of a hack?  Was your hacker determined or was the damage minimal?

20 thoughts on “What I Learned From Being Hacked”

  1. I was part of the same hack…my Yahoo account. Honestly I only use it for incoming mail so I wouldn’t even have known if it hadn’t been for Lifelock. They contacted me to let me know that my password for that account was discovered for sale online.

    • That’s just lovely. And what kills me is that Yahoo does absolutely nothing about it. Way to protect your users, Yahoo.

    • I have a master password list which of course is password protected. As long as I remember the password to that, I can access just about any other password I have.

  2. Yahoo and Hotmail do suck! Gmail is pretty good with security as well as SPAM filtering etc. They have also introduced a 2 fold security, where apart from a password, you also have to enter a random set of numbers that are generated for you and available via an app on your phone.

    • I’m sure they don’t ignore it altogether but there should be some ‘sensory’ algorithim that goes on that still would catch it at a certain point.

  3. Last year my gmail account was hacked and sent out spam emails in my name. I have since changed my password and everything seems fine. The worst part is you feel very helpless and embarrassed.

    • I hate getting the e-mails from family and friends (since in my case they spammed my contact list) letting me know that I just sent out a bogus link.

  4. It’s seems odd to defend Yahoo and Hotmail, but I think I can explain part of why they don’t do anything.
    I used to work for a small company. We occassionally sent out mass emails to all of our customers (often to let them know about product improvements or special upcoming deals).
    When we used email service from our ISP, they would randomly (and it really was random) decide to block all of our emails from going out, or just some of our emails. After all, it looked like we were a spamhouse, even though we sent the mass emails maybe once a quarter.
    And then they decided, for our own protection, to start blocking all emails that came from Hong Kong, as the international server it had to go through was the one all email from Asia had to go through, and, well, there was spam.
    Problem for us- we were a manufacturing company whose main supplier was in Hong Kong- and we could no longer communicate by email.
    That ISP lost our business and we ended up setting up our own mail server (which, as the person doing it, was a bit of a pain).
    But Hotmail and Yahoo have been around long enough that businesses used them for their email. That doesn’t happen much anymore, but it used to, and when you block email coming from your customers, you lose customers. And like it or not, it’s not inconceivable that you would want to send a mass email to everyone in your address book. So Yahoo and Hotmail don’t block email. Nor do they read it.
    Having my hotmail account hacked would be a pain. But it’s a pain I’m willing to accept for less invasion of my privacy.

    • I’m sure there are thresholds that they’re working under, but in my case, I might have had 15 e-mails sent out in a 10 minute period, all under the supposed threshold. Scanning software is sophisticated enough these days that this should likely trigger a warning or event that could shut down the users e-mail until they re-verify their security. Yahoo and Hotmail are apparently cool with just letting things sail as long as they don’t hit the magical limit, even if there are other warning signs. Gmail has thresholds but also has more of a ‘sniff test’ algorithm to shut things down that look fishy.

  5. I had, in the past, made the mistake of using the same password for everything. Nothing ever came of it, but I am glad I realized how ridiculous that was before anything did happen.

  6. Yahoo really does suck compared to GMAIL doesn’t it? I don’t get WHY the guys at Yahoo just don’t make their offerings better? All the engineers are about the same here in the Bay Area!

    • Ten years ago they probably were more motivated to be cutting edge, but now since time has passed yahoo by, they probably realize they’re fighting a losing battle. I remember very well when Yahoo was the darling of the tech industry (and Wall Street). I think they rested on their laurels not realizing that they weren’t entitled to stay on top.

  7. I see, as part of my job at a computer repair shop, people come in all the time who have had similar things happen. Heck, half of them don’t even have an antivirus on their machine. Good passwords, and safe browsing will prevent about 99% of these hacks, but even the best of us get hit once in a while. Quick cleanup is important, of course, but changing passwords and tightening up ship are also top of the list!

    • Very true. It always amazes me when I find someone without any anti-virus whatsoever, or what’s even more common is people who have it installed with data files equal to the day they got their computer, never any updates.

Comments are closed.