My email account got hacked recently.
I'll explain what happened, how it happened, and the steps I took to prevent this sort of thing from happening again.
Warning: this story gets very cringeworthy.
How did I find out? Well I got an email saying that some malicious software had been downloaded on my computer and had obtained some scandalous information about me. The email threatened to release the information they captured if I did not pay them with Bitcoin.
Apparently this is a fairly common email scam that goes around. Usually the email contains passwords used on some other websites as a way to legitimize the claim/threat. These passwords are usually obtained through large data leaks. However, in my case, the way they tried to legitimize the claim was to point out how they emailed me through my email account (i.e. my email account sent an email to itself) and hence my email account has been compromised.
Looking at the from and to fields did confirm the email was sent to myself. I was hoping that this was some sort of email spoofing, but when I checked my sent folder the exact email was right there in my sent folder.
I was still in disbelief that this had happened. That is, until I had logged into my Google account to see what devices had logged into my account in the last month. I recognized all the devices except for a Linux computer whose IP was based out of the United States. FML.
I'll never know for sure how my Gmail account ended up being compromised, but I have 2 theories.
Theory 1: My landlord did it
I had just moved into a new apartment and I wasn't going to have my internet installed for another week or so. I asked my landlord, who is also my neighbour, if I could use his wifi until I got set up. Apparently he works in IT and is quite savvy when it comes to computers, as he came up with his computer and showed me how he set up a network for me to use until I got my own internet. He also took notice of the router I had in my apartment and mentioned how it was a good router and that I should be in good shape with it when my internet does get installed.
Anyways, the day after I logged into my landlord's wifi is the day where the unknown Linux computer I mentioned earlier logged into my Google account. My guess would be that my landlord's router, to which I was connected, was logging any username and password I was inputting on my computer and he managed to get my Gmail credentials that way.
I haven't confronted him about any of this since I could be completely wrong.
Theory 2: Someone hacked my router
The extortion email I had received came just days after I got my internet set up at my new place. When researching how to make my computer more secure to prevent this from happening to me again, I ran into an article mentioning how many people's routers have their username and password set to "admin" and "password", respectively, and this is a HUGE security vulnerability. I've had my router for a few years and haven't ever logged into it, except to set it up on day one.
I decided to try logging into my router through the browser. To my disbelief, I managed to log into the control panel for my router using "admin" and "password"! If that wasn't bad enough, the next screen that appeared after the log in warned me that there was another computer already logged into the router and that I would be kicking that device off since there can only be one computer connected at once!
So ya… overall, very bad stuff.
There's not much I can do about the data the hacker has captured from me. It's very likely they now have a scary amount of information about myself.
Well, I have not taken this account breach lightly and I've taken a bunch of measures to try to protect myself from this kind of thing.
1. Securely configured router and wifi network
I factory reset my router and made sure to give it a good password. I also made sure to go through all of its settings and disable settings that could leave me vulnerable. Here's an article I followed for tips on which settings to turn off/on.
I also made sure to change the name of my wifi network and give it a more secure password.
2. Purchased a VPN and make sure all web traffic goes through it
There is no way I'm doing any sort of web browsing without being on a Virtual Private Network (VPN) anymore. I'm subscribed to a VPN service that allows me to connect to a VPN on both my laptop and phone.
3. Changed many many many passwords
Luckily the hacker didn't lock me out of my Gmail account, so I was able to reset my password for that account. I also went through all the login items I've got stored in 1Password to see if there are any apps where I should change my password. I ended up changing A LOT of passwords for apps that fall into one of the following categories:
- Email
- Social media
- Cloud storage
- Banking & finances
- Government services
4. Two factor authentication
Amazingly, I didn't have two factor authentication enabled on my Google account… I'm not sure why I hadn't enabled this before, but I've been quite naive to many security related things, so this doesn't come as much of a surprise to me.
I ended up enabling two factor on a bunch of other accounts I use as well. Having that second step for authentication could have potentially prevented the whole mess I found myself in.
5. Removed unnecessary 3rd party Google account access
There were many apps that had been granted access to my Google account, and I've removed access for all the apps I no longer use.
6. Covered my webcam
I bought some webcam covers for my devices. The covers easily allow me to show and hide the webcam. Right now the cover is only on my laptops, but I'm quite tempted to put it on my phone as well.
Overall it was a pretty terrible situation to be in, but I will definitely be more cautious and aware of potential security vulnerabilities in the future.
If you have any other suggestions on how to increase computer security, let me know! I'm trying to take as many precautions as possible.