My email account was hacked this morning

One of my web based email accounts was hacked this morning. I have no idea how it was done. The hacker attempted to log in to my PayPal account, but did not succeed. They also tried to get a password change with one of my domain registrars, but did not succeed. All passwords have been changed, even on the accounts which were not breached, as a routine precaution.

The incident once again emphasizes the importance of maximizing security on the Internet. I don't claim to be an expert, or anything remotely approaching one, but I will share what I have learned from the incident and hope it helps somebody.

Always use a different password for every account

Think about it. I have no idea how this hacker managed to get in to my web based email account. If they had my password, imagine what might have happened if that password also happened to give them access to my PayPal or hosting account. Make EVERY password different.

If you have Hostgator hosting, use their random password generator to generate passwords for all of your accounts

The Hostgator control panel has a password generator which randomly creates very strong passwords, which you are encouraged to use for all Hostgator email accounts, domains, MySQL databases etc. Do that, but also generate strong random passwords and use them for all of your other accounts as well. You can only have one password for each account, so make it as strong as you can.

Don't leave important emails in web based accounts

It is easy to do, isn't it? Your new hosting company sends you an email with your user name and password. You leave it in your email account so that you can just copy and paste them into your FTP client and C-Panel log in. Think what would have happened to me if I had done that? The email would have been right there for the hacker to read, giving them instant access to my hosting account.

Don't keep any email on file which contains sensitive data of any kind. Always try to keep your email accounts as empty as possible. If you need something, copy it out and then delete the email. All the hacker who breached my account got was a few emails from Yahoo Freecycle telling them who was offering to give unwanted items away, and a couple of emails from railway companies confirming the booking of advance train tickets. To collect these tickets, the hackers would need the booking reference (which they now have), and the card the tickets were booked with (which they do not).

Don't keep large amounts of money in PayPal, or in any bank account linked to it

This is a security precaution for more reasons than one, given PayPal's record of freezing accounts on a whim. Don't necessarily empty a PayPal account completely every time, nor the attached bank account, but make sure that serious money is kept elsewhere. I strongly believe in spreading your money between several accounts, only one of which should have any link to PayPal.

Flash Drive and CD

The easiest way to manage these randomly generated passwords which can never be remembered is to store them in text files on flash drives and CD. The flash drive is what you would use to get in to your accounts - just stick it in the USB socket, open up the appropriate text file, copy the password, and paste it into the input field. You can then use the flash drive in all of the computers you own, and there is no need to store the passwords on the machines themselves.

The CD would just be there as a safety back up. If your flash drive freezes, you don't want to suddenly lose all of your passwords. Just put the CD into the drive, and you've got them back again. Of course, every time you open a new account or change a password, you need to either update or create a text file on the flash drive, and you will need to burn a file to your CD. It should become a routine habit soon enough. Flash drives are so cheap I recommend having one just for passwords and nothing else. You can keep it on your person at all times.

Keep CD back ups hidden

What if a burglar broke into your home, and found a CD next to the computer with "Passwords" written on it? Don't you think they would stick it in the CD drive to see what they could get access to? If you have a large collection of music CDs, you can conceal the CD amongst those easily. You probably get free CDs with your Sunday newspaper every week, many of which you will never listen to. Throw the CD out, and put your passwords CD in the cardboard folder.

Put it somewhere amongst your music CDs. You will certainly remember that you don't like X singer and that his CD is really your passwords, but is a burglar going to go through your entire CD collection in the hope of finding some passwords? Even if the burglar took your entire CD collection away with him, you could still change your passwords immediately and permanently invalidate the contents of the CD.

Security is so important that I really think there should be a section of the Warrior Forum dedicated to it. Anyway, please feel free to add any of your own suggestions to this thread, because this is one case where we definitely are all in this together. We may never be able to eliminate hacking completely, but we need to have more cases of it ending as mine has done, with no serious losses incurred.

Thanks for reading,
Andrew
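
The advice above (a different, randomly generated password for every account), as an added example that is not part of the original post: a Python sketch built on the standard `secrets` module. The symbol set, the 12-character minimum and the account labels are assumptions made for illustration.

```python
import math
import secrets
import string

# Character pool: letters, digits and a few symbols most sites accept (assumed set).
ALPHABET = string.ascii_letters + string.digits + "!#$%&*+-=?@_"

def generate_password(length=20):
    """Return a random password drawn uniformly from ALPHABET using the OS CSPRNG."""
    if length < 12:  # assumed minimum for this example
        raise ValueError("length below 12 is too short for an account password")
    while True:
        candidate = "".join(secrets.choice(ALPHABET) for _ in range(length))
        # Re-draw the whole password if a character class is missing, rather than
        # forcing characters into fixed positions, so every position stays random.
        if (any(c.islower() for c in candidate)
                and any(c.isupper() for c in candidate)
                and any(c.isdigit() for c in candidate)
                and any(not c.isalnum() for c in candidate)):
            return candidate

def entropy_bits(length=20):
    """Upper bound on the entropy of one password: length * log2(pool size)."""
    return length * math.log2(len(ALPHABET))

def passwords_for(accounts, length=20):
    """Give every account its own password and never issue the same one twice."""
    issued = {}
    for name in accounts:
        pw = generate_password(length)
        while pw in issued.values():  # astronomically unlikely, but checked
            pw = generate_password(length)
        issued[name] = pw
    return issued

if __name__ == "__main__":
    # Constructed account labels for illustration.
    sample = passwords_for(["webmail", "paypal", "registrar", "hosting"])
    for account, pw in sample.items():
        print(f"{account:10s} {pw}")
    print(f"about {entropy_bits():.0f} bits per password")
```
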
  • tehnolife
    Banned
    Thanks, very important things. The security on the internet is very important right now!
  • GerryMedia
    Thanks for the warning.

    Remembering randomly generated passwords can be daunting so I may also suggest using a password manager like KeePass or LastPass.

    And yes, I do agree do not send passwords and save website/server login info in Google sites, gmail, Google docs, etc.

    Thanks for the warning and reminder.
    Signature

    I.M. ControlPanel - See why this online software is your key to success!
    Lifetime Membership WSO

    Learn. Take Action. Learn. Teach.
  • born2drv
    Damn that sucks, glad nothing was compromised.
  • jonat2005
    I will learn from this sad incident and make sure I generate long and a little bit complicated passwords for my logins.
  • akmanda
    Thanks... I'll be more careful since I read this post...
  • sbucciarel
    Banned
    The last time a thread like this was posted, I was using the same lame password for all my accounts.

    Since then, I've changed every password and made each one very random ... nonsense words that have no meaning combined with numbers and have a different password for every account.

    Better safe than sorry. I've heard of GoDaddy domains being transferred out ... all of them for one account, PayPal funds being drained and on and on.
  • tpw
    Remember also not to set your password reminders with publicly available info... Think back to how easy it was for a 15-yo to hack Sarah Palin's email account at Yahoo, because she used personal info as her reminder keys for her Yahoo email password.
    Signature
    Bill Platt, Oklahoma USA, PlattPublishing.com
    Publish Coloring Books for Profit (WSOTD 7-30-2015)
    • Heuristic
      One of the biggest threats is keylogger trojans. In fact, most people don't even know they are infected - and not all anti-virus software will pick it up.

      As a precaution, I take things to great lengths when it comes to anything sensitive such as domain passwords, hosting, PayPal, and my personal banking passwords.

      I type out all the letters of the alphabet and the numbers from 0-9. I then create complex alpha-numeric combinations and copy/paste each individual character to form a password in Notepad. I save several passwords like this.

      Whenever I log onto something sensitive, I copy/paste the pre-formatted password - quick and slick and no worry about any keylogger trojan sending my vital info back to some criminal.

      Steve
      • mogulmedia
        Originally Posted by Heuristic

        One of the biggest threats is keylogger trojans. In fact, most people don't even know they are infected - and not all anti-virus software will pick it up.

        As a precaution, I take things to great lengths when it comes to anything sensitive such as domain passwords, hosting, PayPal, and my personal banking passwords.

        I type out all the letters of the alphabet and the numbers from 0-9. I then create complex alpha-numeric combinations and copy/paste each individual character to form a password in Notepad. I save several passwords like this.

        Whenever I log onto something sensitive, I copy/paste the pre-formatted password - quick and slick and no worry about any keylogger trojan sending my vital info back to some criminal.

        Steve
        Nice idea dude!
        Signature

        Converting sales copy and professional press releases -> Here <-

  • Orator
    Great tips, and a good reminder.

    It's very easy to get sloppy when it comes to passwords.

    I change mine weekly on all my important accounts, and always make sure there are at least two numbers in them. I suppose it might be a bit on the paranoid side, but I consider it an acceptable pain.
    • mello
      Timely reminder - thanks. I had some websites hacked at the beginning of the year and in all the business I've been lax on security overall. Off to change my key passwords now. Cheers.
      Signature
      Everything is doable ... if you take action
      Internet Marketing
      PLR
  • Dheer
    Yeah, sorry to hear that, but nice tips.