My email account got hacked recently š. Iāll explained what happened, how it happened, and the steps I took to prevent this sort of thing from happening again. this story gets very cringeworthy. Warning: What Happened How did I find out? Well I got an email saying that some malicious software had been downloaded on my computer and had obtained some scandalous information about me. The email threatened to release the information they captured if I did not pay them with Bitcoin. Apparently this is a scam that goes around. Usually the email contains passwords used on some other websites as a way to legitimize the claim/threat. These passwords are usually obtained through large data leaks. However, in my case, the way they tried to legitimize the claim was to point out how they emailed me through my email account (i.e. my email account sent an email to itself) and hence my email account has been comprised. fairly common email Looking at the and fields did confirm the email was sent to myself š°. I was hoping that this was some sort of , but when I checked my folder the exact email was right there in my folder š«. from to email spoofing sent sent I was still in disbelief that this had happened. That is, until I had logged into my Google account to see what devices had logged into my account in the last month. I recognized all the devices except for a Linux computer whoās IP was based out of the United States š. FML. How ItĀ Happened Iāll never know for sure how my account ended up being compromised, but I have 2 theories. Gmail Theory 1: My landlord did it I had just moved into a new apartment and I wasnāt going to have my internet installed for another week or so. I asked my landlord, who is also my neighbour, if I could use his wifi until I got setup. Apparently he works in IT and is quite savvy when it comes to computers as he came up with his computer and showed me how he setup a network for me to use until I got my own internet. He also took notice at the router I had in my apartment and mentioned how it was a good router and that I should be in good shape with it when my internet does get installed. Anyways, I logged into my landlordās wifi is the day where the unknown My guess would be that my landlordās router, to which I was connected to, was logging any username and password I was inputting on my computer and he managed to get my Gmail credentials that way. the day after Linux computer I mentioned earlier logged into my Google account. I havenāt confronted him about any of this since I could be completely wrong. Theory 2: Someone hacked my router The extortion email I had received came just days after I got my internet setup at my new place. When researching how to make my computer more secure to prevent this from happening to me again, I ran into an article mentioning how many peopleās router have their username and password set to and , respectively, and this is a HUGE vulnerability. Iāve had my router for a few years and havenāt ever logged into it, except to set it up on day one. admin password security I decided to try logging into my router through the browser. To my disbelief, I managed to log into the control panel for my router using and š³! If that wasnāt bad enough, the next screen that appeared after the log in warned me that there was another computer already logged into the router and that I would be kicking that device off since there can only be one computer connected at once! admin password So yaā¦overall, very bad stuff. What I Did AboutĀ It Thereās not much I can do about the data the hacker has captured from me. Itās very likely they now have a scary amount of information about myself. Well, I have not taken this account breach lightly and Iāve taken a bunch of measures to try to protect myself from this kind of thing. 1. Securely configured router and wifi network I factory reset my router and made sure to give it a good password. I also made sure to go through all of its settings and disable settings that could leave me vulnerable. I followed for tips on which settings to turn off/on. Hereās an article I also made sure to change the name of my wifi network and give it a more secure password. 2. Purchased a VPN and make sure all web traffic goes through it There is no way Iām doing any sort of web browsing without being on a Virtual Private Network (VPN) anymore. Iām that allows me to connect to a VPN on both my laptop and phone. subscribed to a VPN service 3. Changed many many many passwords Luckily the hacker didnāt lock me out of my Gmail account, so I was able to reset my password for that account. I also went through all the login items Iāve got stored in 1Password to see if there are any apps where I should change my password. I ended up changing A LOT of passwords for apps that fall into one of the following categories: - Email- Social media- Cloud storage- Banking & finances- Government services 4. Two factor authentication Amazingly, I didnāt have two factor authentication enabled on my Google accountā¦ Iām not sure why I hadnāt enabled this before, but Iāve been quite naive to many security related things, so this doesnāt come as much of a surprise to me. I ended up enabling two factor on a bunch of other accounts I use as well. Having that second step for authentication could have potentially prevented the whole mess I found myself in. 5. Removed unnecessary 3rd party Google account access There were many apps that had been granted access to my Google account, and Iāve removed access for all the apps I no longer use. 6. Covered my webcam I bought some for my devices. The covers easily allow to show and hide the webcam. Right now the cover is only on my laptops, but Iām quite tempted to put it on my phone as well. webcam covers Overall it was a pretty terrible situation to be in, but I will definitely be more cautious and aware of potential security vulnerabilities in the future. Iām trying to take as many precautions as possible. If you have any other suggestions on how to increase computer security, let me know! If you found this article interesting and front end development interests you, consider following me on , , or . Twitter Github LinkedIn
