My email account got hacked recently 🙁. I’ll explained what happened, how it happened, and the steps I took to prevent this sort of thing from happening again. this story gets very cringeworthy. Warning: What Happened How did I find out? Well I got an email saying that some malicious software had been downloaded on my computer and had obtained some scandalous information about me. The email threatened to release the information they captured if I did not pay them with Bitcoin. Apparently this is a scam that goes around. Usually the email contains passwords used on some other websites as a way to legitimize the claim/threat. These passwords are usually obtained through large data leaks. However, in my case, the way they tried to legitimize the claim was to point out how they emailed me through my email account (i.e. my email account sent an email to itself) and hence my email account has been comprised. fairly common email Looking at the and fields did confirm the email was sent to myself 😰. I was hoping that this was some sort of , but when I checked my folder the exact email was right there in my folder 😫. from to email spoofing sent sent I was still in disbelief that this had happened. That is, until I had logged into my Google account to see what devices had logged into my account in the last month. I recognized all the devices except for a Linux computer who’s IP was based out of the United States 😭. FML. How It Happened I’ll never know for sure how my account ended up being compromised, but I have 2 theories. Gmail Theory 1: My landlord did it I had just moved into a new apartment and I wasn’t going to have my internet installed for another week or so. I asked my landlord, who is also my neighbour, if I could use his wifi until I got setup. Apparently he works in IT and is quite savvy when it comes to computers as he came up with his computer and showed me how he setup a network for me to use until I got my own internet. He also took notice at the router I had in my apartment and mentioned how it was a good router and that I should be in good shape with it when my internet does get installed. Anyways, I logged into my landlord’s wifi is the day where the unknown My guess would be that my landlord’s router, to which I was connected to, was logging any username and password I was inputting on my computer and he managed to get my Gmail credentials that way. the day after Linux computer I mentioned earlier logged into my Google account. I haven’t confronted him about any of this since I could be completely wrong. Theory 2: Someone hacked my router The extortion email I had received came just days after I got my internet setup at my new place. When researching how to make my computer more secure to prevent this from happening to me again, I ran into an article mentioning how many people’s router have their username and password set to and , respectively, and this is a HUGE vulnerability. I’ve had my router for a few years and haven’t ever logged into it, except to set it up on day one. admin password security I decided to try logging into my router through the browser. To my disbelief, I managed to log into the control panel for my router using and 😳! If that wasn’t bad enough, the next screen that appeared after the log in warned me that there was another computer already logged into the router and that I would be kicking that device off since there can only be one computer connected at once! admin password So ya…overall, very bad stuff. What I Did About It There’s not much I can do about the data the hacker has captured from me. It’s very likely they now have a scary amount of information about myself. Well, I have not taken this account breach lightly and I’ve taken a bunch of measures to try to protect myself from this kind of thing. 1. Securely configured router and wifi network I factory reset my router and made sure to give it a good password. I also made sure to go through all of its settings and disable settings that could leave me vulnerable. I followed for tips on which settings to turn off/on. Here’s an article I also made sure to change the name of my wifi network and give it a more secure password. 2. Purchased a VPN and make sure all web traffic goes through it There is no way I’m doing any sort of web browsing without being on a Virtual Private Network (VPN) anymore. I’m that allows me to connect to a VPN on both my laptop and phone. subscribed to a VPN service 3. Changed many many many passwords Luckily the hacker didn’t lock me out of my Gmail account, so I was able to reset my password for that account. I also went through all the login items I’ve got stored in 1Password to see if there are any apps where I should change my password. I ended up changing A LOT of passwords for apps that fall into one of the following categories: - Email- Social media- Cloud storage- Banking & finances- Government services 4. Two factor authentication Amazingly, I didn’t have two factor authentication enabled on my Google account… I’m not sure why I hadn’t enabled this before, but I’ve been quite naive to many security related things, so this doesn’t come as much of a surprise to me. I ended up enabling two factor on a bunch of other accounts I use as well. Having that second step for authentication could have potentially prevented the whole mess I found myself in. 5. Removed unnecessary 3rd party Google account access There were many apps that had been granted access to my Google account, and I’ve removed access for all the apps I no longer use. 6. Covered my webcam I bought some for my devices. The covers easily allow to show and hide the webcam. Right now the cover is only on my laptops, but I’m quite tempted to put it on my phone as well. webcam covers Overall it was a pretty terrible situation to be in, but I will definitely be more cautious and aware of potential security vulnerabilities in the future. I’m trying to take as many precautions as possible. If you have any other suggestions on how to increase computer security, let me know! If you found this article interesting and front end development interests you, consider following me on , , or . Twitter Github LinkedIn

Amazon

BUNCH

Google

Twitter

Too Long; Didn't Read

Get free API security automated scan in minutes

How My Email Account Got Hacked and the Steps I Took After Finding Out

Too Long; Didn't Read

Companies Mentioned

@robertcooper_rc

RELATED STORIES