Lessons Learned After Being Hacked

Last week, I had my Outlook, LinkedIn, and Netflix accounts hacked, and it was the first time I had experienced such a thing. Since this can happen to anyone, I want to share some lessons learned from the experience. 

What Happened

It was a typical working day, and I received an email telling me that someone had changed my LinkedIn password successfully from Normandie, France. It took me a couple of tries to change my password, and then I was kicked out – the hacker changed my email associated with the account.

Soon after, I began to get calls and emails from former colleagues, asking if I intended to send them something via LinkedIn and that I may have been hacked. After only 5 minutes, the hacker had already sent a malicious link to my contacts; customers, old colleagues, Microsoft contacts – the lot! 

I reported the incident to LinkedIn, who got in touch within 24 hours, asking me to prove my identity to give me my account back. Once I did this, I logged back in and changed my password. 

Damage done

I looked over my messages and saw that the hacker had contacted over 50 connections with this message: 

Most of those who answered clicked the link, and I responded to as many people as possible, stating the link was malicious. However, I noticed the hacker/bot was having conversations with my connections to convince them I was the one sending the message – scary stuff!

The first lesson in this blog is two-factor authentication. I didn’t have it turned on for any applications I use, so I turned it on immediately. I also checked my live sessions in my settings on LinkedIn and signed out of them all. 

Just when I thought it was all over…

The weekend is here, and I’m enjoying Netflix in the living room when the following message appears on the screen: You have been logged out. My phone alerts me that a new device logged in to my Netflix account, and I immediately think, “oh no, not again.” The Netflix app on my phone allows me to log in, but it is all in Spanish. Shortly after that, my account was blocked, and a new email was associated with it. I feel all too familiar with this. I immediately contacted Netflix support, and they managed to get me back in and recommended I change my password and turn on two-factor authentication to prevent this from happening again. 

It was quickly apparent that my Outlook account had been compromised, and I researched what to do. I found that hackers may re-route emails with “.,” rule so I wouldn’t receive an email with “Reset your password here.” Then I checked my rules, and lo and behold; there was a rule called “.”. So I deleted it and added two-factor authentication again to my Outlook.  

Realising my mistake

To be completely honest, I always used easy-to-remember passwords and did not have two-factor turned on for any of my applications. Some colleagues that work in security have given me some recommendations, so this doesn’t happen again, and I thought it would be helpful to pass those on: 

  1. Always turn on two-factor authentication
  2. Use spacebars in passwords
  3. Use a different password for each application
  4. To be extra vigilant – use a separate email for each application

My hope is that sharing this experience provides you with caution, and after you read this, you will turn on two-factor authentication for every application you use.

2 responses to “Lessons Learned After Being Hacked”

  1. Password managers are a really helpful tool (I use bitwarden). As well as generating strong, unique passwords and handling multi-factor authentication they can identify password reuse and weak passwords that you can go through and change.

    Like

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

Blog at WordPress.com.

%d bloggers like this: