Today a hacker got into my Gmail.
I got a strange notice on my BlackBerry saying that emails to my Gmail account were not being delivered. I figured Gmail was down or something. No big deal. A couple minutes later I got an email from my Bill that simply said “You hacked?” with an email I had sent him from my personal account 20 minutes earlier with a shady link that I had never seen before in my life. Yikes.
This was ruining my day already, but it got worse once I finally verified my account and logged in to my Gmail. It turns out I had “emailed” the link to, well, just about everybody I had ever emailed in the last four years. Ex-girlfriends. FedEx. Newspaper editors. Professors. Former employers. Fantasy football rivals.
I found out the hard way that spam doesn’t discriminate.
There was some good news though. Google managed to block most of the outgoing emails and saved me a lot of embarrassment.
After I realized that the situation wasn’t quite as bad as I had feared, I started trying to figure out how some “spam artist” in Lithuania got my Gmail information. My web browsing hadn’t been any different the past couple of days than it had been the past several years. I certainly didn’t disclose my login credentials to anybody else.
Eventually, I found that Gmail had been compromised at some point a few weeks or months ago and thousands of usernames and passwords had been accessed. I wasn’t the only one having the same issue this morning. It wasn’t my fault, right?
I’ve always told people that they need to change the passwords often, but I’ve never really done it myself. I think I’ve changed my Gmail password once, maybe twice, since I opened the account. So it turns out I did play a pretty big role in my account being compromised. It just took some shady dude to poke around in my account for me to realize my error in judgment.
My web-based email account is the information pipeline for my entire life — both online and off. For about 20 minutes, somebody had access to everything about me. They could find bank statements, passwords to other sites, names, and addresses. They could see when and where I was meeting up with friends, what kind of pizza I ordered last weekend, and what I was watching on Netflix.
The amount of information a spammer or hacker could gather by spending even 5 minutes reading through your emails is staggering. While I was lucky enough to escape the intrusion without any major damage, it was certainly a wake-up call.
Change your email password often. Change it right now. The 30 seconds of hassle every few weeks sure beats spending an hour explaining to your ex or your biggest client why you emailed them a “must-see” deal on some sketchy enhancement pills.
Illustration by anonymonk