You’ve been hacked

How did this happen

I received an email the other day stating I had visited a porn site and that everything was recorded that I had looked at.  If I did not pay $500 in bitcoin, this information would be made public on the internet.   It even included my email address and an old password, with the remarks “Now do I have your attention”.  The only problem was, I don’t look at porn sites.   But how did they get my email address and password?

The number one answer is a data breach.  My email, name, and password were stolen from a retail website that I had purchased something from. To see for yourself, visit https://monitor.firefox.com and enter your email address.  I am 99% certain your information will be found in some kind of data theft/hack (be sure to try multiple email addresses you use to make online purchases with).

With this information, hackers will now use this data (email address and password) by using a password tester/cracker that tests thousands of sites per minute including Gmail, Amazon, eBay, and many other popular sites.  Even if you have multiple email addresses, hackers know that you use the same password for all of them.  Not to mention your password is probably easy to guess.  My old password could have been cracked in 4 days and I thought it was a secure password.  Test your current password to see how long it would take to crack by visiting https://howsecureismypassword.net. You may be amazed at how quickly someone could guess your password.   (This is a secure site, and no data is saved. )

Consider these identity theft statistics:

  • In 2017, 6.64 percent of consumers became victims of identity fraud — that’s about 1 in 15 people
  • Overall, 33 percent of U.S. adults have experienced identity theft, which is more than twice the global average
  • One in five victims of identity theft have experienced it more than once
  • Over 1 million children in the U.S. were victims of identity theft in 2017, costing families $540 million in out-of-pocket expenses
  • There’s a new victim of identity theft every 2 seconds
  • Identity theft is one of the most common consequences of data breaches, and exposed consumer records jumped 126 percent in 2018
  • Emotional distress is reported by 77.3 percent of identity theft victims

In other words, if your chances of winning the lottery were 1 in 15, as the odds of being an ID theft victim, we’d all have family, friends, and colleagues who are millionaires.

What can you do

  • Protect all of the accounts of the websites you log in to by NOT using the same password.   A person has an average of 12 accounts for things like Amazon, Paypal, etc… and the username and passwords to these 12 accounts are 83% of the time the same.
    I highly recommend using a password manager like LastPass (https://www.lastpass.com) to keep track of your username and passwords.  It works on desktop and mobile devices, and I have found this to be the best password manager for myself and my family.

    • It keeps track of all the username and password to all of your accounts
    • Easy authentication with autofill for desktop and mobile
    • Automatically saves new account login credentials
    • Creates 30+ characters randomly generated passwords
    • Makes sure that no single account uses the same password.
    • Share folders of accounts with other family members (Sling TV, WiFi passwords, etc..)
    •  I also highly recommend using the LastPass Authenticator app to secure your LastPass account.
  • Change your password every 3 months.   Easy to do using LastPass.  This way, any dark web data that sits around for more than 3 months consists of old passwords.
  • Most importantly!  Protect your Gmail account using 2-Step Verification.  Why Gmail, because this is the email address most commonly used to make financial transactions (purchase something).
    • Turn on 2-Step Verification
      2-Step Verification helps prevent a hacker from getting into your account, even if they steal your password. To avoid common phishing techniques associated with text message codes, choose a stronger second verification step
    • I highly recommend Google Prompts (More secure than text message codes)
  • Signup for Firefox monitoring (it’s free) and enter all of the email addresses you and your family use.  Firefox will notify you in the event they find your email address in a data breach.  Somehow they seem to be way ahead of the game when it comes to monitoring stolen data.

When it comes to paying for credit monitoring services, it depends on yourself and your family and what you are wanting to pay for.  And yes, include all of your kids in this monitoring service.    Here is a link to “The 7 Best Credit Monitoring Services of 2020“.

You may also want to consider putting a 3-year credit freeze on your SSN so that NO accounts can be opened with your personal information.   You can read more about this by visiting the  U.S Consumer Federal Trade Commission web site at https://www.consumer.ftc.gov/articles/0497-credit-freeze-faqs