A few days ago, I received an email from my good friend Peter that was highly unusual:
As soon as I read the first line, “with tears in my eyes,” I knew that his email account had been hacked. In April, Tobias received an email from one of his colleagues that said the same exact thing. (But at the time, it made more sense because that was the weekend the volcano first started spewing ash into the skies and cancelled all sorts of air travel across Europe.) Guessing it was a hack, but not wanting to be a bad person if she was really in trouble, Tobias responded to her mail. His doubts were confirmed when the hacker replied with instructions on how to transfer money to his “stranded” contact.
So I thought, uh oh – this is bad for Peter. Some connard hacked into his gmail account! I posted on his facebook wall to let him know of this…and several other people had done the same. Worse, he had no access to his gmail account. Unfortunately, the hackers also used his information to take control of his facebook account, locking him out of both of these services. In fact, as of yesterday, Peter is no longer anyone’s friend on facebook – we think the hackers deleted his profile altogether.
Many people also contacted me, when they couldn’t contact Peter, to see if he was alright. One friend called me and was worried for him – believing he really might be stuck in Wales. My mom was also confused – she thought Peter was at home? I reassured her, and the others who contacted me, that this was a hacking situation and that Peter is, in fact, safe at home in the USA.
Peter and I agreed that the email wasn’t even that convincing (even in a stressful situation, Peter would have had better grammar and spelling in that email!) but I guess some people just don’t know the difference. Or, like Tobias, they may have had doubts, but also cared about their friend and wanted to make sure he was okay. Peter’s parents even got two phone calls from friends asking where they could send money. Yikes. Well, the good thing in this situation is that a lot of people tried to contact him – otherwise, he wouldn’t have known he was hacked and been able to warn people. (Until he was locked out of his account, that is.)
But the email thing is the most distressing. He has absolutely no access to his emails. He filled out gmail’s account support form and input his information several times, as people in online discussion communities with similar problems had done. He entered in a secondary email address (a “safe” email he has access to; he put in his dad’s address), and they sent an email saying they received the form, etc. He said that eventually, as your information gets more and more accurate on your form, they’ll send you a code to get back into your account.
So that’s how he got back in. Initially. And then, even after changing his password twice more, he was kicked off right in the middle of a gchat conversation with our friend Paula, and he hasn’t been able to get back in since. He filled out the form several more times, but thus far, to no avail.
I’m not sure if he’ll get his gmail account back. He even changed his facebook password, but not the email address linked to it. He wishes he had, because now he has no facebook either.
Peter won’t be going back to gmail, but instead decided to pay for Apple’s MobileMe ($99/year). One benefit is a live helpline he can call in case something like this happens again; that is something he wished google had in this situation. It’s true that sometimes talking to someone about problems can be much easier and much more direct than scouring discussion boards and help articles online.
But there are certain things you can do to make your gmail account safer: enabling “secure” sessions only (https:// instead of the usual http:// – this is the same thing you [should] see on online banking!). And entering a phone number and a secondary email address that will receive the password reset codes. But the most basic thing you can do is to create a strong password.
Time for a change (of password).
Peter admitted that his password was weak. Very weak. No numbers, no capitalization, no special characters. Just two small words that were too easy to hack.
This situation has convinced me that it’s also time for me to change my own password. Even though my own password is considered “strong” by Microsoft’s secure password checker, I’ve had the same one for over a year, now. While writing this post and researching this topic, I’ve found sources that recommend changing your password every couple of weeks.
Perhaps it’s also a good idea to have not just one password for all your online services. In Peter’s example, he’s now locked out of his email and facebook accounts, which both had the same password. I think it’s especially important for any secondary email addresses to have different passwords, in case the hackers check the secondary email address as well.
Now it’s your turn.
Is your password a simple word or two? Is it your birthday? A maiden name? Your ATM pin code? BAD idea. Go change your password. You’ll be glad you did.
I’d love to hear from you guys about this – has someone ever hacked into your account? Has it happened to anyone else you know?