My email account got hacked recently 🙁.
I’ll explain what happened, how it happened, and the steps I took to prevent this sort of thing from happening again.
Warning: this story gets very cringeworthy.
How did I find out? Well I got an email saying that some malicious software had been downloaded on my computer and had obtained some scandalous information about me. The email threatened to release the information they captured if I did not pay them with Bitcoin.
Apparently this is a fairly common email scam that goes around. Usually the email contains passwords used on some other websites as a way to legitimize the claim/threat; these passwords are usually obtained through large data leaks. However, in my case, the way they tried to legitimize the claim was to point out that they had emailed me through my own email account (i.e. my email account sent an email to itself), and hence my email account had been compromised.
Looking at the From and To fields did confirm that the email was sent to myself 😰. I was hoping that this was some sort of email spoofing, but when I checked my sent folder, the exact email was right there 😫.
I was still in disbelief that this had happened. That is, until I logged into my Google account to see what devices had logged into it in the last month. I recognized all the devices except for a Linux computer whose IP was based out of the United States 😭. FML.
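The hope above, that the message was spoofed rather than really sent from the account, is something the mail headers can answer before you go looking in the sent folder. The example below is added here and is not from the original post: it parses constructed sample messages (the addresses, the receiving server name mx.example.net and the header values are all made up for illustration) and reads the Authentication-Results header that the receiving mail server stamps on delivery. A self-addressed message whose SPF/DKIM/DMARC checks fail was forged by a stranger; one that passes DKIM or DMARC really left through the account's own provider, which is what a logged-in attacker produces. The one caveat built in: a sender can add their own fake Authentication-Results line, so only the header naming your provider is trusted.

```python
"""Added example: is a self-addressed extortion email spoofed, or did it
really go out through the account? Sample messages are constructed."""
import email
from email import policy
import re

# Constructed sample 1: From/To are the victim's own address, but the
# receiving server's checks all fail, i.e. the sender was forged.
SPOOFED_MSG = """\
Authentication-Results: mx.example.net; spf=fail smtp.mailfrom=victim@example.com;
 dkim=none; dmarc=fail header.from=example.com
Received: from unknown (HELO mail) (203.0.113.5) by mx.example.net; Mon, 1 Jan 2018 10:00:00 +0000
From: victim@example.com
To: victim@example.com
Subject: I have your data

Pay me.
"""

# Constructed sample 2: the same message, but it passed SPF/DKIM/DMARC,
# meaning it really left through the account's own mail provider.
GENUINE_MSG = """\
Authentication-Results: mx.example.net; spf=pass smtp.mailfrom=victim@example.com;
 dkim=pass header.d=example.com; dmarc=pass header.from=example.com
Received: from mail.example.com (mail.example.com [198.51.100.7]) by mx.example.net; Mon, 1 Jan 2018 10:00:00 +0000
From: victim@example.com
To: victim@example.com
Subject: I have your data

Pay me.
"""

# Constructed sample 3: the attacker added their own "everything passed"
# header. It names a server that is not ours, so it must be ignored.
FORGED_AR_MSG = """\
Authentication-Results: attacker.example; spf=pass; dkim=pass; dmarc=pass
From: victim@example.com
To: victim@example.com
Subject: I have your data

Pay me.
"""

AUTH_RE = re.compile(r"\b(spf|dkim|dmarc)=([a-z]+)")


def auth_results(msg, authserv_id):
    """Return {'spf': ..., 'dkim': ..., 'dmarc': ...} from the
    Authentication-Results header stamped by *our* receiving server
    (authserv_id). Headers naming any other server are skipped because a
    sender can forge those."""
    for value in msg.get_all("Authentication-Results", []):
        value = str(value)
        if value.strip().split(";")[0].strip() != authserv_id:
            continue
        return dict(AUTH_RE.findall(value))
    return {}


def classify(raw, authserv_id):
    """Classify a raw RFC 5322 message. authserv_id is the name your own
    mail provider puts at the start of its Authentication-Results header."""
    msg = email.message_from_string(raw, policy=policy.default)
    sender = str(msg["From"] or "").strip().lower()
    recipient = str(msg["To"] or "").strip().lower()
    results = auth_results(msg, authserv_id)
    if sender != recipient:
        return "not-self-addressed"
    if not results:
        return "unverifiable"  # no trustworthy Authentication-Results header
    if results.get("dmarc") == "pass" or results.get("dkim") == "pass":
        return "self-addressed-authenticated"  # really sent via the account
    return "self-addressed-spoofed"


if __name__ == "__main__":
    for name, raw in [("spoofed", SPOOFED_MSG), ("genuine", GENUINE_MSG),
                      ("forged AR", FORGED_AR_MSG)]:
        print(f"{name}: {classify(raw, 'mx.example.net')}")
```

Gmail shows these headers under "Show original"; the authserv-id there is Google's own, so pass the value you see on a known-good message rather than the mx.example.net placeholder used above.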
How It Happened
I’ll never know for sure how my Gmail account ended up being compromised, but I have 2 theories.
Theory 1: My landlord did it
I had just moved into a new apartment and I wasn’t going to have my internet installed for another week or so. I asked my landlord, who is also my neighbour, if I could use his wifi until I got set up. Apparently he works in IT and is quite savvy when it comes to computers, as he came up with his computer and showed me how he had set up a network for me to use until I got my own internet. He also took notice of the router I had in my apartment and mentioned that it was a good router and that I should be in good shape with it when my internet did get installed.
Anyway, the day after I logged into my landlord’s wifi is the day the unknown Linux computer I mentioned earlier logged into my Google account. My guess would be that my landlord’s router, to which I was connected, was logging any username and password I entered on my computer, and he got my Gmail credentials that way.
I haven’t confronted him about any of this, since I could be completely wrong.
Theory 2: Someone hacked my router
The extortion email I had received came just days after I got my internet set up at my new place. When researching how to make my computer more secure to prevent this from happening to me again, I ran into an article mentioning how many people’s routers have their username and password set to
password, respectively, and that this is a HUGE security vulnerability. I’ve had my router for a few years and have never logged into it, except to set it up on day one.
I decided to try logging into my router through the browser. To my disbelief, I managed to log into the control panel for my router using
password 😳! If that wasn’t bad enough, the next screen that appeared after login warned me that another computer was already logged into the router and that I would be kicking that device off, since only one computer can be connected at once!
So yeah… overall, very bad stuff.
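The check described above, trying the factory credentials against your own router's admin page, can be done from the command line instead of by hand. The script below is an added example, not part of the original post: it sends HTTP Basic credentials from a short list of commonly published factory defaults (the list is illustrative; the post does not say which pair the author's router accepted) and reports the first pair the router accepts. The `probe` parameter and `make_fake_probe` helper exist so the logic can be exercised offline without touching a network; the router address 192.168.0.1 is an assumption.

```python
"""Added example: audit your own router's admin page for factory-default
HTTP Basic credentials. Only run this against equipment you own."""
import base64
import sys
import urllib.error
import urllib.request

# Illustrative sample of widely published factory defaults. Extend this for
# the model you own; the pair the original post found is not stated there.
DEFAULT_CREDS = [
    ("admin", "admin"),
    ("admin", "password"),
    ("admin", ""),
    ("root", "root"),
]


def http_basic_status(url, username, password, timeout=5):
    """Real network probe: GET url with HTTP Basic credentials and return the
    status code. 401 means the router rejected the pair; 200 means accepted."""
    token = base64.b64encode(f"{username}:{password}".encode()).decode()
    req = urllib.request.Request(url, headers={"Authorization": f"Basic {token}"})
    try:
        with urllib.request.urlopen(req, timeout=timeout) as resp:
            return resp.status
    except urllib.error.HTTPError as err:
        return err.code


def make_fake_probe(accepted):
    """Offline stand-in for http_basic_status: answers 200 only for pairs in
    the `accepted` set. Used to test find_default_login without a router."""
    def probe(url, username, password):
        return 200 if (username, password) in accepted else 401
    return probe


def find_default_login(url, creds=DEFAULT_CREDS, probe=http_basic_status):
    """Try each default pair against url; return the first accepted pair as
    (username, password), or None if the router rejected all of them."""
    for username, password in creds:
        if probe(url, username, password) == 200:
            return (username, password)
    return None


if __name__ == "__main__":
    # Assumed address; use whatever your router's admin page actually is.
    target = sys.argv[1] if len(sys.argv) > 1 else "http://192.168.0.1/"
    hit = find_default_login(target)
    if hit:
        print(f"FACTORY DEFAULT ACCEPTED on {target}: {hit[0]!r}/{hit[1]!r}")
    else:
        print(f"No default pair accepted on {target}")
```

This covers routers that protect the admin page with HTTP Basic authentication. Many consumer routers use an HTML login form with a session cookie instead; those return 200 for the form no matter what you send, so for them the browser test in the post is the reliable one.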
What I Did About It
There’s not much I can do about the data the hacker has captured from me. It’s very likely they now have a scary amount of information about me.
Well, I have not taken this account breach lightly and I’ve taken a bunch of measures to try to protect myself from this kind of thing.
1. Securely configured router and wifi network
I factory reset my router and made sure to give it a good password. I also made sure to go through all of its settings and disable settings that could leave me vulnerable. Here’s an article I followed for tips on which settings to turn off/on.
I also made sure to change the name of my wifi network and give it a more secure password.
2. Purchased a VPN and made sure all web traffic goes through it
There is no way I’m doing any sort of web browsing without being on a Virtual Private Network (VPN) anymore. I’m subscribed to a VPN service that allows me to connect to a VPN on both my laptop and phone.
3. Changed many many many passwords
Luckily the hacker didn’t lock me out of my Gmail account, so I was able to reset my password for that account. I also went through all the login items I’ve got stored in 1Password to see if there are any apps where I should change my password. I ended up changing A LOT of passwords for apps that fall into one of the following categories:
– Social media
– Cloud storage
– Banking & finances
– Government services
4. Two-factor authentication
Amazingly, I didn’t have two-factor authentication enabled on my Google account… I’m not sure why I hadn’t enabled this before, but I’ve been quite naive about many security-related things, so this doesn’t come as much of a surprise to me.
I ended up enabling two-factor authentication on a bunch of other accounts I use as well. Having that second step for authentication could potentially have prevented the whole mess I found myself in.
5. Removed unnecessary third-party Google account access
There were many apps that had been granted access to my Google account, and I’ve removed access for all the apps I no longer use.
6. Covered my webcam
I bought some webcam covers for my devices. The covers make it easy to show and hide the webcam. Right now the cover is only on my laptops, but I’m quite tempted to put one on my phone as well.