We Are a Family of 4 now!

Saturday, November 14, 2009

Hacked!

The biggest shock of the month happened yesterday to me when I was notified through several phone calls and sms-es about my Facebook (FB) account being hacked. I'm glad these friends of mine know me well enough to know I would NEVER post disgusting content on my webpages and subsequently took swift action to try to reach me so I could fix the problem. I have a rather long list of contacts on my FB and such an incident would have such a massive ripple effect, it would not be pleasant.

This was the sequence of events.

For the past 2 weeks I have noticed that several Facebook accounts of my acquaintances had been hacked and the perpetrator puts up status updates promoting dieting pills/drugs on certain webpages. It was then I thought to myself, "Imagine if this happened to me, what would I have to do to ensure my information on my laptop is safe?" Then I thought, "Nah, it won't happen to me. I don't download anything. I only check my emails, go on FB, update my blog and read other blogs. I should be safe." Talk about premonition and how wrong I was!

Yesterday 13 Nov, I was out for lunch and had left my mobile phone at home. I was at work first half of the morning and luckily, had the afternoon off. After lunch I returned home to find that my mobile was exploding with missed calls and sms-es. I checked the message and to my horror found out that my FB had been compromised and the perp had posted unlawful, disgusting content on my photo albums. I rushed to my laptop to log on and couldn't because the password had been changed.

This thrust me into full panic mode because my log on email account on FB (Gmail) shares the same password as my Gmail account itself. What this means (if you haven't linked the two together) is that if I reset the password on my FB, I still could not get to that new password because the idiot had also changed my password on the email account that the new password was sent to. To that effect, I would not be able to remove the content off FB as quickly as I would like and my good name would have been tarnished for a long time. The quicker the content was removed, the fewer the people that would have seen it.

The wheels on my brain started turning and I recalled the backup email account that I used for my Gmail. I have a different password there so I had to reset the password on Gmail, get the new password from the other email account and from there sign into Gmail, change the password, get the new password for FB, sign into FB and change my password there. From there, the content was deleted.

The idiot who hacked my account also accepted a long list of pending friend requests, 30 to be exact, many of whom I wasn't keen on accepting in the first place. I do not know what other changes he had made to my account while he had it in his control and I didn't have time to look fully into it last night. I am glad to say however that he only had the FB account pliable in his hands for 1 hour 20 minutes before I regained control and changed the password.

I am really glad that I got the notification from friends about the situation at 2pm and also the fact that it happened on a day that I had half a day off. Another key point was that I had plans to leave the house for a girls afternoon/evening out at 3pm. If the situation were any different, I would not have known about the breach and the trouble caused would have been more significant. It took me all but 20 minutes to fix the issue, leaving me with only 5 minutes to spare before I had to go out for the night. So I thank God it was all in good timing. Any other day... the incident would be 'anxiety attack' worthy.

However when I returned that night, I got another message from a friend that my Friendster account had been compromised as well. My Friendster account has been dormant for 2.5 years. The existence of that account did not cross my mind earlier in the day and when reading that message, I slapped my head a couple of times saying, "Cheryl you fool... it had the same password. You set it up during your days as a student! How can you forget??"

After fixing that up, I was hell bent on finding out how this happened to me. As mentioned before, I do not download music or videos or much off the web. And my password is very strong and is 10 alphanumeric characters long. To get my password, it had to be a keystroke logger with a backdoor. So how could it be that a keystroke logger could have attached itself to my system?

I put on my Sherlock Holmes cap and started tracking the source of the hack. Breadcrumb by breadcrumb, page by page, the picture started becoming clear to me. The source of the hack turned out to be an old student email account in University of Canberra which ceased to be operational since I left the uni. That was 6 years ago! It was not to my knowledge that details of the email account would still be kept by the university. It is my assumption that details of the address book were still kept in that account and it was through it that my email accounts were compromised. Who knows what other information in my student folder has been compromised as well! Prayer is now necessary that the info is not misused in any other way. It would not be good to have a fake Cheryl going around with my ID.

So do not be naive like me, assuming that your student details are kept safe by your university or that they would delete unnecessary student information after your departure. If it could happen to me after 6 years, it could happen to anyone even after 10.

I am relieved that it was not spyware on my laptop that opened a door for the hack. Because if so, I would be very worried about my bank details as I had just completed a transfer of funds that morning itself. I would also be very concerned about how much info has been leaked through my laptop to the hacker (as I have all sorts of personal info stored on the HD) not knowing how long the back door has been there.

In short, the sequence of the hack was this.

Uni email - Yahoo - Friendster- Gmail - Facebook

And in conclusion, if you received any email from me from those accounts on the 13th November 2009, they are NOT me. It must have been some idiot's idea of a Friday the 13th prank.

Very angry, I am.


cheryl

2 comments:

Tim said...

How did the uni account get compromised? Was it an inside job?

AlexandCheryl said...

I am still waiting for an email from the uni addressing how it got compromised. But how I know it was is because I got a notification email that my uni email had been amended from lyu@student.canberra... to lyuabc@student.canberra...

I myself did not remember my student email address until I saw a notification in my Yahoo email account (which had been deactivated because of prolonged non-use - I decided to check it while crumb hunting and found it too was hacked). The uni email account had my Yahoo address and Gmail address in it. And the backup email for lost passwords of the Yahoo account was the uni account.

So the perp got access that way. One link to another. He just kept hitting the forget password link. This is my conjecture about how it happened.

Since you are a techie, have you got any idea how someone can hack into a uni server? How hard is it?