A few weeks ago, my wife and I both found ourselves on the bad end of some outgoing e-mails.
Both of our primary personal accounts had been hacked.
It was about as mild of a hack as you could ask for. Everybody on our address lists received a spammy-type e-mail from us.
The e-mails actually came from the account as they were in our sent folder. We both got alerted as we saw messages from each other arrive, followed by a slew of ‘undeliverable’ messages for address book entries that were out of date.
I think one of our home machines had been compromised somehow, which I’ve since corrected and ensured shouldn’t happen again by making sure to do regular scans, but it taught me a few things:
- Yahoo stinks – Even though the messages originated from my actual account, the message content and volume should have, in my opinion, triggered something to prevent the outflow of e-mails or at the very least, alerted me to a potential problem. Outside of a few people e-mailing me back saying “Um, I think you have a problem,” nothing ever got done.
- Hotmail does too – My wife used Hotmail and ditto goes for that.
- Gmail is pretty awesome – I had a Gmail account that it also happened to, and the reason I think that Yahoo and Hotmail should have prevented the flow of e-mails and locked the account is because Gmail did exactly that. They also have a link on all Gmail pages (bottom right) where you can see exactly where and when your account was accessed. Turns out that someone in Jamaica was the one having fun. I was able to verify that this was in fact not a welcome login, which hopefully allowed them to flag the location and IP address to avoid other attacks. After all this, my wife and I both ceased use of our Yahoo and Hotmail accounts, and moved to Gmail.
- Computer security is key – I had gotten lax on making sure that the computers were up to date. From out-of-date virus definition files to spyware-sensing software that hadn’t been run in over a year, we were not in good shape. Every machine now updates and scans automatically, and I do a forced scan on every machine monthly.
- Password updates are key – We hadn’t changed our passwords on e-mail accounts in a long time. I’m talking years. I now change all my e-mail and other key passwords monthly.
- Password differentiation is key – We got lucky in that nothing worse happened. It could have. After all this happened, I realized that my password on my e-mail was the same as it was on my credit card account as it was on my bank account. The usernames were different but only slightly. This means that a more determined hacker could have likely done some serious damage if they did indeed have actual credentials. Lucky they didn’t, but I now make sure my passwords are different across sites so that if someone gets their hands on one password, it doesn’t open the door to other access.
Have you been on the wrong end of a hack? Was your hacker determined or was the damage minimal?