Hacker Headache

No, I am not stuck in London.  My email account was hacked shortly before 5 am this morning. The hacker proceeded to change my password (locking me out), remove my backup email from the account and replace with his own email (yes, we’ve turned that over to the police), and email everyone in my contacts with a fishy story about being mugged in London, no money, unable to pay hotel bill, etc. If people replied, they were sent another email (likely an autorespond) – “yes it’s really me.” You may have read about the scam in this morning’s Daily Camera.

Unable to do anything with that Yahoo account, I spent much of this morning changing all my other passwords and account settings, on any site that I had connected with that account. Yikes.

My Facebook account was not associated with Yahoo. In the midst of changing my Facebook password, I got an email from the kind people at Facebook alerting me that someone requested changing the email on the account to . .. the compromised email.  A quick cyber-battle/tug of war ensued and I believe I won that round – though someone (either the hacker or Facebook, don’t know who) deleted all posts on my account from this morning.  If you left me a message there and now it’s gone – that’s what happened to it.

Unintended Goodness

Fortunately (?) the hacker didn’t change my auto-signature. So the spam emails had my phone number, making it easy for people to call and check on me. Sorry if we weren’t able to answer immediately, the phone rang off the hook and some calls went to voice mail. I heard from friends near and far – Florida, Arizona, Costa Rica, California, Washington, as well as many in Boulder. THANK YOU ALL! What a treat to hear real voices.  Thank you all for your concern, and for reaching out.

Another bit of unexpected goodness: the link to Boulder Jewish News was also in my email signature (a nifty animated headline box!), so if you didn’t already know that this was a project of ours, you probably know that now! Traffic is ahead of our usual stats for this time of day, though this was truly not the way I ever wanted to get site traffic (and of course, it might just be related to this article and have nothing to do with the email). I hope people are clicking through to check out our advertisers!

As for Boulder Jewish News, we monitor security regularly (multiple times each day), use every tool available to keep the site secure, and hope that we are one step ahead of the trouble-makers.

Lessons Learned

There has to be a lesson, right? These are the common guidelines.

1. Change your passwords to something longer and more complex, using letters, numbers and symbols.
2. Change them up a bit – like 2x/year maintenance – when you change the batteries in the smoke detector or when you get an oil change.
3. Don’t use the same password for more than 1 account. I’m sure that’s what slowed down the attempted theft of my Facebook profile. . .it was just enough different that it took some time for the hacker to discover it (probably done with software).

There are lots more articles about internet safety and creating strong passwords. And of course – never give out your personal info online, and never respond to this kind of scam. Easy enough to make a call and connect in the real world – and hearing from everyone (whether by email, Facebook or phone) was the best part of this day!