Yes and no. My passwords have been published in many major hacks. People have tried unsuccessfully to log into an account that I own. Presumably someone must have gotten into one of the really old...
Yes and no. My passwords have been published in many major hacks. People have tried unsuccessfully to log into an account that I own. Presumably someone must have gotten into one of the really old ones I don't care about anymore, but I generally avoid leaving any personal information anywhere if I can avoid it.
That being said, the amount of big hacks and the number of attempted logins have grown a lot over the recent years, so I have switched over to a password manager and have switched many accounts to using unique passwords and anonymous email aliases.
I was hacked in the 90s or early 2000s. Someone got access to my computer, opened/closed my CD tray among other shenanigans. It was probably someone from IRC, maybe through an mp3 I got from there.
I was hacked in the 90s or early 2000s. Someone got access to my computer, opened/closed my CD tray among other shenanigans. It was probably someone from IRC, maybe through an mp3 I got from there.
Yeah, remember the 1980s Hackers movie where that kid hacks into various cable operators and tries to fiddle with TV channels? That was a whole different wild west time.
Yeah, remember the 1980s Hackers movie where that kid hacks into various cable operators and tries to fiddle with TV channels? That was a whole different wild west time.
The closest thing was losing my Reddit account. I was using a throwaway password and no associated email, because when I first created the account I didn't care about Reddit. I believe they got...
The closest thing was losing my Reddit account. I was using a throwaway password and no associated email, because when I first created the account I didn't care about Reddit. I believe they got the throwaway password from some password leak at a different site.
I contacted support and they suspended the account, but since I couldn't prove I was the owner, I had to create another one.
I don't use throwaway passwords anymore. Every site has a different password.
I have not been, however, a moderator for a Google+ community of mine fell for an obvious phishing attack and they banned everyone in the community. That sucked. Unfortunately, I didn’t plan...
I have not been, however, a moderator for a Google+ community of mine fell for an obvious phishing attack and they banned everyone in the community.
That sucked.
Unfortunately, I didn’t plan recovery too well and I unbanned everyone before contacting them, so I no longer had a list of previous members to invite them back.
Recently my fake/ alternate Facebook account got hacked. I realized afterwards that I used the same email address (and probably password) for all my fake LinkedIn/ Facebook/ Twitter/ Kaggle...
Recently my fake/ alternate Facebook account got hacked.
I realized afterwards that I used the same email address (and probably password) for all my fake LinkedIn/ Facebook/ Twitter/ Kaggle accounts.
I normally use a different email address & password for important accounts.
It's no big deal, I was just surprised at how aggressive hackers and spammers are now.
What do I do differently now? I recently got Yubikeys and also installed Bitwarden.
With Bitwarden, I mostly just use it for social media accounts and to quickly enter a credit card number. With the LastPass hack, I am kinda rethinking even that limited use.
Using Bitwarden or Latpass is probably safer than not using anything, but you should keep a local backup just in case. I don't think passwords themselves were compromised on Latpass, but other...
Using Bitwarden or Latpass is probably safer than not using anything, but you should keep a local backup just in case. I don't think passwords themselves were compromised on Latpass, but other stuff like your email and logins.
Yeah, it happened recently: https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/ As long as people's master password was unique and reasonably complicated, there is almost no...
As long as people's master password was unique and reasonably complicated, there is almost no chance of the hackers ever managing to decrypt the vaults though.
Every bad password practice: Dictonary word in multiple places with the same username. A family friend serving in Iraq got a message from me over Messenger and asked my brother where I was. I went...
Every bad password practice: Dictonary word in multiple places with the same username. A family friend serving in Iraq got a message from me over Messenger and asked my brother where I was. I went and fixed that.
The worst was my Mojang account got hacked and I lost a Steam key to Jens's game. I deleted my purchase receipt too so I couldnt get it back.
My first main Runescape account was a tragedy, too. A trick was to walk around and claim "your password won't show up if you type it, see? ********." I foolishly entered mine thinking it was so dumb they'd think I was pretending. I eventually got the account back 11 years later.
It's been quite awhile now but yes. I've been hacked twice. Back in 2009, my computer was infected with a keylogger that stole my World of Warcraft account twice within 6 months. I lost all my...
It's been quite awhile now but yes. I've been hacked twice. Back in 2009, my computer was infected with a keylogger that stole my World of Warcraft account twice within 6 months. I lost all my items, but luckily it was at a time when Blizzard was offering to recover items when you contact a GM, so all I lost was time, which I had a lot of considering I was playing World of Warcraft -- the mother of all time sinks. (I still do.)
Since then, I've not gotten hacked once. I update my devices and the software I use (which I try to keep to a minimum) as soon as possible, and I use unique email addresses for every service I sign up for with equally unique passwords with 2FA enabled where possible. It's a pretty standard way of staying safe online and it's served me well, knock on wood.
For the longest time I used the same simple password across most things, but had a unique email address. It worked well, until Facebook/ LinkedIn not only figured out my other email addresses, but...
For the longest time I used the same simple password across most things, but had a unique email address.
It worked well, until Facebook/ LinkedIn not only figured out my other email addresses, but also allowed someone to try to sign on with my other email address.
The first site I built in PHP was swiftly hacked, deleted, and replaced with a page that said "defaced by $someGuy". I was quite young and because I was just editing files directly on the server,...
The first site I built in PHP was swiftly hacked, deleted, and replaced with a page that said "defaced by $someGuy". I was quite young and because I was just editing files directly on the server, had no backup. Think I cried for a week afterwards!
I had a vps a few years ago with an ftp server I forgot about. Someone brute forced it, and uploaded some malware that mined monero, and also scanned the net for other vulnerable servers. Woke up...
I had a vps a few years ago with an ftp server I forgot about. Someone brute forced it, and uploaded some malware that mined monero, and also scanned the net for other vulnerable servers. Woke up to an angry email from my host and had to nuke the vps
Just one or two months ago. I keep an old Lenovo android tablet (released 2017ish) to read ebooks/textbooks and play pirated Exiled Kingdoms. Despite it's age, its battery life is still fairly...
Just one or two months ago. I keep an old Lenovo android tablet (released 2017ish) to read ebooks/textbooks and play pirated Exiled Kingdoms. Despite it's age, its battery life is still fairly decent. To mitigate the risk of using such an outdated device I only transferred files onto it via cable and kept it permanently in airplane mode. It was a bit of a hassle, so I then had its speed set to 0 in router settings (effectively cutting it off from the wider internet); this still let me use KDE Connect to transfer files over the local network. While KDE Connect is fabulous at being knockoff AirDrop for Windows/Android/iOS, it still requires having a local network to connect to. I wanted to test if I could get it to work without that, so I fiddled around with bluetooth pairing it with my iPhone, setting it to connect to its mobile hotspot, and connecting to a network without actually logging in to its captive portal (none of them worked). Unfortunately I was being stupid and doing all this in a library. Before I knew it I'd been force paired with some device I didn't recognize and some weird mobile game got installed onto my homescreen.
Impact? Truth be told, not very much. I deliberately didn't put anything sensitive on it. So I just restarted in safe mode and uninstalled the app. I probably should clean install the stock ROM but I'm guessing it was probably a script kiddie so they can't really do anything without accessing the internet, plus pretty much everything else I use is up to date so I'm not really worried.
Lesson learned: don't turn on bluetooth and/or Wi-Fi when in public areas if you have don't have the latest security patches. Fortunately, Google is adding the Bluetooth modules to Project Mainline (the Wi-Fi module is already part of it AFAIK) in Android 13 so this will be less of an issue over time.
I reused a password with my Spotify at one stage and it got taken over. Contacted support explaining the situation and I think I had control over the account (with a unique password from my...
I reused a password with my Spotify at one stage and it got taken over. Contacted support explaining the situation and I think I had control over the account (with a unique password from my password manager) within like 12 hours.
I lost my first gmail account more than a decade ago. Wasn't able to get it back through gmail's recovery process. Last time I was in the account, I saw some suspicious activity from China, I...
I lost my first gmail account more than a decade ago. Wasn't able to get it back through gmail's recovery process. Last time I was in the account, I saw some suspicious activity from China, I believe I changed my password, after that, was never able to log in again.
Now, this was when I was using a simple one-word-from-the-dictionary password, and this was before multi-factor authentication was added. I don't remember if I had a recovery email address set, and if it was, the hacker may have changed it.
Either way, that account is long gone, haven't had anything happen with my more recent ones.
Use a complex password (but one you can remember) for your main email account, turn on multi-factor authentication (not SMS-based if you can help it) for all your accounts, store everything in a password manager (a good one like 1Password, don't use LastPass), and make sure you have recovery emails set for things like your email accounts, and recovery codes downloaded and stored in a safe location (preferably print them out and put them in a safe).
I haven't personally ever been hacked, but around 20 years ago my father-in-law complained to me that his office computer was running slow and asked me to take a look. I discovered that someone...
I haven't personally ever been hacked, but around 20 years ago my father-in-law complained to me that his office computer was running slow and asked me to take a look. I discovered that someone had managed to install an FTP server on his machine, which was showing around a dozen people all downloading and uploading pirated software and pornography when I discovered it. I didn't have the know-how back then to figure out how he had been compromised, but advised him to completely wipe it and reinstall Windows from scratch, which he did.
Yes and no. My passwords have been published in many major hacks. People have tried unsuccessfully to log into an account that I own. Presumably someone must have gotten into one of the really old ones I don't care about anymore, but I generally avoid leaving any personal information anywhere if I can avoid it.
That being said, the amount of big hacks and the number of attempted logins have grown a lot over the recent years, so I have switched over to a password manager and have switched many accounts to using unique passwords and anonymous email aliases.
I was hacked in the 90s or early 2000s. Someone got access to my computer, opened/closed my CD tray among other shenanigans. It was probably someone from IRC, maybe through an mp3 I got from there.
That's hilarious
It was fairly common stuff back in the day. There was no financial gain to have. I initially thought my computer was possessed by the Devil :P
Ah, the days of Back Orifice and NetBus.
Yeah, remember the 1980s Hackers movie where that kid hacks into various cable operators and tries to fiddle with TV channels? That was a whole different wild west time.
The closest thing was losing my Reddit account. I was using a throwaway password and no associated email, because when I first created the account I didn't care about Reddit. I believe they got the throwaway password from some password leak at a different site.
I contacted support and they suspended the account, but since I couldn't prove I was the owner, I had to create another one.
I don't use throwaway passwords anymore. Every site has a different password.
A year ago I went through my accounts and brought them all into 1Password, updating each password to be unique. Only took 2 or 3 hours.
I have not been, however, a moderator for a Google+ community of mine fell for an obvious phishing attack and they banned everyone in the community.
That sucked.
Unfortunately, I didn’t plan recovery too well and I unbanned everyone before contacting them, so I no longer had a list of previous members to invite them back.
Freaky! Were you on a shared network at the time?
Recently my fake/ alternate Facebook account got hacked.
I realized afterwards that I used the same email address (and probably password) for all my fake LinkedIn/ Facebook/ Twitter/ Kaggle accounts.
I normally use a different email address & password for important accounts.
It's no big deal, I was just surprised at how aggressive hackers and spammers are now.
What do I do differently now? I recently got Yubikeys and also installed Bitwarden.
With Bitwarden, I mostly just use it for social media accounts and to quickly enter a credit card number. With the LastPass hack, I am kinda rethinking even that limited use.
Using Bitwarden or Latpass is probably safer than not using anything, but you should keep a local backup just in case. I don't think passwords themselves were compromised on Latpass, but other stuff like your email and logins.
They did steal the customers vaults, so it puts people at risk.
Is this recent? I haven't used LastPass for quite a while, so I don't follow it anymore.
Yeah, it happened recently:
https://blog.lastpass.com/2022/12/notice-of-recent-security-incident/
As long as people's master password was unique and reasonably complicated, there is almost no chance of the hackers ever managing to decrypt the vaults though.
Every bad password practice: Dictonary word in multiple places with the same username. A family friend serving in Iraq got a message from me over Messenger and asked my brother where I was. I went and fixed that.
The worst was my Mojang account got hacked and I lost a Steam key to Jens's game. I deleted my purchase receipt too so I couldnt get it back.
My first main Runescape account was a tragedy, too. A trick was to walk around and claim "your password won't show up if you type it, see? ********." I foolishly entered mine thinking it was so dumb they'd think I was pretending. I eventually got the account back 11 years later.
I'm genuinely sorry about your Runescape account, but you do have to appreciate the classics.
It's been quite awhile now but yes. I've been hacked twice. Back in 2009, my computer was infected with a keylogger that stole my World of Warcraft account twice within 6 months. I lost all my items, but luckily it was at a time when Blizzard was offering to recover items when you contact a GM, so all I lost was time, which I had a lot of considering I was playing World of Warcraft -- the mother of all time sinks. (I still do.)
Since then, I've not gotten hacked once. I update my devices and the software I use (which I try to keep to a minimum) as soon as possible, and I use unique email addresses for every service I sign up for with equally unique passwords with 2FA enabled where possible. It's a pretty standard way of staying safe online and it's served me well, knock on wood.
For the longest time I used the same simple password across most things, but had a unique email address.
It worked well, until Facebook/ LinkedIn not only figured out my other email addresses, but also allowed someone to try to sign on with my other email address.
The first site I built in PHP was swiftly hacked, deleted, and replaced with a page that said "defaced by $someGuy". I was quite young and because I was just editing files directly on the server, had no backup. Think I cried for a week afterwards!
This was basically my one experience with compromised security too. Started making more secure websites after that.
I had a vps a few years ago with an ftp server I forgot about. Someone brute forced it, and uploaded some malware that mined monero, and also scanned the net for other vulnerable servers. Woke up to an angry email from my host and had to nuke the vps
Just one or two months ago. I keep an old Lenovo android tablet (released 2017ish) to read ebooks/textbooks and play pirated Exiled Kingdoms. Despite it's age, its battery life is still fairly decent. To mitigate the risk of using such an outdated device I only transferred files onto it via cable and kept it permanently in airplane mode. It was a bit of a hassle, so I then had its speed set to 0 in router settings (effectively cutting it off from the wider internet); this still let me use KDE Connect to transfer files over the local network. While KDE Connect is fabulous at being knockoff AirDrop for Windows/Android/iOS, it still requires having a local network to connect to. I wanted to test if I could get it to work without that, so I fiddled around with bluetooth pairing it with my iPhone, setting it to connect to its mobile hotspot, and connecting to a network without actually logging in to its captive portal (none of them worked). Unfortunately I was being stupid and doing all this in a library. Before I knew it I'd been force paired with some device I didn't recognize and some weird mobile game got installed onto my homescreen.
Impact? Truth be told, not very much. I deliberately didn't put anything sensitive on it. So I just restarted in safe mode and uninstalled the app. I probably should clean install the stock ROM but I'm guessing it was probably a script kiddie so they can't really do anything without accessing the internet, plus pretty much everything else I use is up to date so I'm not really worried.
Lesson learned: don't turn on bluetooth and/or Wi-Fi when in public areas if you have don't have the latest security patches. Fortunately, Google is adding the Bluetooth modules to Project Mainline (the Wi-Fi module is already part of it AFAIK) in Android 13 so this will be less of an issue over time.
I reused a password with my Spotify at one stage and it got taken over. Contacted support explaining the situation and I think I had control over the account (with a unique password from my password manager) within like 12 hours.
I lost my first gmail account more than a decade ago. Wasn't able to get it back through gmail's recovery process. Last time I was in the account, I saw some suspicious activity from China, I believe I changed my password, after that, was never able to log in again.
Now, this was when I was using a simple one-word-from-the-dictionary password, and this was before multi-factor authentication was added. I don't remember if I had a recovery email address set, and if it was, the hacker may have changed it.
Either way, that account is long gone, haven't had anything happen with my more recent ones.
Use a complex password (but one you can remember) for your main email account, turn on multi-factor authentication (not SMS-based if you can help it) for all your accounts, store everything in a password manager (a good one like 1Password, don't use LastPass), and make sure you have recovery emails set for things like your email accounts, and recovery codes downloaded and stored in a safe location (preferably print them out and put them in a safe).
I haven't personally ever been hacked, but around 20 years ago my father-in-law complained to me that his office computer was running slow and asked me to take a look. I discovered that someone had managed to install an FTP server on his machine, which was showing around a dozen people all downloading and uploading pirated software and pornography when I discovered it. I didn't have the know-how back then to figure out how he had been compromised, but advised him to completely wipe it and reinstall Windows from scratch, which he did.