I've had many people ask me about e-mails they've received and how they got hacked. 

These e-mails can be pretty convincing if they display a password that you use. It is worrisome because this is a piece of private information. 

The content of the e-mail might be pretty alarming to some people. It gave me a good laugh.  Remotely accessing a computer is entirely possible, but in this case, not likely. If you are running windows, a good anti-virus/malware program should detect such incursions.  The things claimed in the e-mail would be entirely possible given level of sophistication today's hackers possess. 

Prior to this article I have received 1 of these myself in the past 3 years. Today, I received 3 in a row. 

So what happened? Did I get hacked?  No -- but obviously a site that I've used in the past did. Clearly hackers were able to access sensitive information: my online account, my email address and password. 

In practice, I use different passwords for different groups of online services.  Sometimes I'll include a few letters to hint at the name of the service. This narrowed the suspects.  Next, I can check one of several databases that keep track of websites that have been hacked:

https://en.wikipedia.org/wiki/List_of_data_breaches
https://haveibeenpwned.com/PwnedWebsites

Scanning the list, I found two websites that I used that password for.  I hadn't visited those websites in over 4 years. I'd like to think it took them this long to decrypt my nifty password!  

Whether or not you ever received such an e-mail, I recommend looking at the list.  Sites include the IRS, the United States Post Office, Facebook,  Dominos, Walmart, Yahoo... and the list goes on and on.

We all have heard the lectures of good passwords and bemoan all those password character requirements, but ultimately, it will keep your online profiles safer. Even strongly encrypted passwords can find themselves vulnerable to brute force password guessing.

Lastly, so many people have confessed to me they use the same password for everything.  If you look at the list of compromised servers, you can imagine how this practice can magnify your risks of identity theft. 

Go to top