Hacked!
Tuesday, 18 October 2011
http://m.theatlantic.com/magazine/archive/2011/11/hacked/8673/1/
Short version: a woman's Gmail account was hacked and an email was sent to all her contacts saying she was stranded in Madrid and needed money to be sent… via Western Union.
Yes, I know what you’re going to say: tl;dr. But you should read it, and here’s why…
It teaches you that you should back up your data, even if it lives in the cloud…
a message from Google’s help system arrived in my account, with instructions on how Deb could at last reset her password and regain control of her information.
She did so, and logged into her Gmail account with enormous relief, which lasted perhaps five seconds. When she looked at her Inbox, and her Archives, and even the Trash and Spam folders in her account, she found—absolutely nothing. Of her allocated 7 gigabytes of storage, 0.0 gigabytes were in use, versus the 4+ gigabytes shown the day before. Six years’ worth of correspondence and everything that went with it were gone.
And even web services that promise you security are not invulnerable:
Chastened by my wife’s experience, I decided to make my online passwords “stronger,” and to shift to an online storage site to manage them. The following week, that site—LastPass.com—was itself hacked and some of its data stolen. (I still use it, as I’ll explain.)
If you haven’t been a victim of a hacked email account, don’t count your chickens just yet:
At Google I asked Byrant Gehring, of Gmail’s consumer-operations team, how often attacks occur. “Probably in the low thousands,” he said. “Per month?,” I asked. “No, per day,”
How could it happen? (emphasis is mine)
As in the great majority of hacking cases, my wife had been using the same password for her Gmail account as for some other, less secure sites, where her username was her Gmail address.
And your username doesn’t have to be the same as your email address for you to be vulnerable, because one less secure site can drag down your overall safety:
“If you have ever used the same password in more than one place, you have reduced your overall safety record to whichever site had the lowest amount of protection,”
Or you could have registered on a fake social network and voilà, you’re toast (I know some people who have).
And then there’s the threat of identity theft:
The greatest practical fear for my wife and me was that, even if she eventually managed to retrieve her records, so much of our personal and financial data would be in someone else’s presumably hostile hands that we would spend our remaining years looking over our shoulders, wondering how and when something would be put to damaging use. At some point over the past six years, our correspondence would certainly have included every number or code that was important to us—credit-card numbers, bank-account information, medical info, and any other sensitive data you can imagine.
So with all those threats, why would you still have only one password for all of your online credentials? Are you sure you want to use the same password for your online banking and that new Facebook-for-Latinos-that-dance-electro-salsa? Didn’t think so.
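If you want to see how exposed you are, here is a small audit script, added as an example and not part of the original post or the Atlantic article. It assumes a CSV export with the columns `site`, `username` and `password` (a made-up layout, not any particular password manager's format); the function name `audit_reuse` and the sample data are constructed for illustration.

```python
import csv
import hashlib
import hmac
import io
import secrets
from collections import defaultdict

# Constructed sample export; the column names are an assumption for this example.
SAMPLE_EXPORT = """site,username,password
mail.example,pat@mail.example,Sunshine2005
oldforum.example,pat@mail.example,Sunshine2005
recipes.example,patcooks,Sunshine2005
bank.example,pat@mail.example,k7#Vq9!mT2xw
shop.example,pat@mail.example,R4nd0m&Uniq
"""

def audit_reuse(export_text):
    """Return one finding per password that is used on more than one site."""
    # Per-run random key: the digests only group entries and are never stored or printed.
    key = secrets.token_bytes(32)
    groups = defaultdict(list)
    for row in csv.DictReader(io.StringIO(export_text)):
        digest = hmac.new(key, row["password"].encode(), hashlib.sha256).digest()
        groups[digest].append((row["site"].strip().lower(),
                               row["username"].strip().lower()))
    findings = []
    for accounts in groups.values():
        if len(accounts) < 2:
            continue  # unique password, nothing to report
        # Mailboxes in this group: the login is an address hosted at that very site.
        mailboxes = {u for s, u in accounts
                     if "@" in u and u.split("@", 1)[1] == s}
        # Worst case from the article: another site where the login is that same
        # address and the password is the mailbox password.
        exposed = sorted(s for s, u in accounts
                         if u in mailboxes and u.split("@", 1)[1] != s)
        findings.append({"sites": sorted(s for s, _ in accounts),
                         "mailbox_exposed_via": exposed})
    return findings

if __name__ == "__main__":
    for finding in audit_reuse(SAMPLE_EXPORT):
        print("Same password on:", ", ".join(finding["sites"]))
        if finding["mailbox_exposed_via"]:
            print("  A breach at any of these hands over the mailbox:",
                  ", ".join(finding["mailbox_exposed_via"]))
```

The report never contains the passwords themselves, but the export file does, so delete it once you have changed the reused ones.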
Managing multiple passwords is hard, but there’s apps for that:
I personally use 1Password; the author recommends LastPass and RoboForm. All of them seem to work just fine, and they let you remember just one password while having a different password for each site you use (yeah I know, sorcery).
1Password even allows you to safely store credit card information, personal ID numbers and other pieces of information like serial numbers for software and other random notes.
The sad side of this story is that her family actually tried to help her by sending money. If you receive an email like this, go ahead and call that person or their relatives to confirm she’s in trouble.
And if there’s Western Union somehow involved, be extra wary.