We see it in the news just about every day now. Stories about how some big company had its user-data hacked and stolen, or maybe how fake cell phone towers are intercepting your transmissions. It's at a point where even reasonably cautious individuals run a serious risk of having their accounts and information compromised. It's great if you can prevent these things, but just as important is what to do after you realize a breach has occurred. Thanks to some unfortunate personal experiences of mine, I might be able to help you out with the latter. Let me start with a story of my own breaches.
Once upon a time, my Yahoo e-mail account was compromised. While I have retired that account, it is still, to this day, causing me issues. I'm unsure of how I originally lost control of it. It could have been anything from a keylogger to a phishing site that I accidentally entered my credentials into. I guess it really doesn't matter now. I changed my password and foolishly thought I was secure. I wasn't, but to explain why, let me first ask you a question.
When you forget your password on some random site, what is usually the first thing that happens when you try to recover it? They send a link to your e-mail address. It is by this method that those who compromised my e-mail account gained access to many other accounts of mine. Xbox Live, Origin, many MMOs I played
, and probably other things I haven't even thought about. As a result, several charges were made to my Xbox Live account and my MMO accounts were tampered with and used for some form of malicious intent, then banned.
Not even changing the password on my Yahoo e-mail account was good enough. You see, the hackers added their own e-mail recovery address to my Yahoo account and no matter what I did, I could not remove it without the help of technical support. I even added two step verification with my cell phone, but when I went to recover my password, it simply asked if I would like the recovery link sent to my cell or to the mystery e-mail address, totally defeating the purpose.
I had to change the e-mail for everything associated with my old Yahoo address, and some services did not allow me to do this easily. Guild Wars 2 for example — after going through a lengthy process to get my account unbanned, I had to start another lengthy process to get my e-mail address changed. You see, in Guild Wars 2 one must seek human intervention to change the e-mail address used by the system. Before I could even complete that process, the hackers reclaimed my MMO account and got it banned all over again. I have since given up on ever playing my Guild Wars 2 characters again. I can't even change my Origin e-mail address because it asks me security questions that are now in some other language. All of this because my stupid Yahoo e-mail address became compromised.
What have I learned from this experience?
- Check all recovery options associated with an account after it is compromised. Changing your password every day will not help you one bit if hackers have set your account to recover to their e-mail addresses, or to their security questions.
- Absolutely do not allow your credit card info to remain on any site. This one is a little inconvenient, but will save you a ton of trouble. If a site allows you to checkout without saving your card on their system, but rather asks you for your card info on a per-checkout basis, do it. Decline to ever store your credit card info for future purchases. If you must do so, remember to delete this info after your purchase.
- For a compromised e-mail, check forwarding options. Gmail, for example, allows you to forward a copy of all your incoming e-mails to another address. Once this system is in place, its function is not readily apparent if you are not on the receiving end of the forwarded e-mails.
- Preloaded cash cards for services like Steam and Xbox Live are a good thing. Consider buying them instead of using your credit card for purchases. I definitely don't always do this, but I keep the idea in the back of my mind for when it's convenient.
- Use 2-step verification for sensitive accounts. Either use it for the accounts that you must keep payment info on, for accounts, like your e-mail, that can cause additional breaches, or both.
- Do not ignore warning signs. Is a site you commonly visit suddenly appearing in a different language? Don't write it off as a glitch, this is a tell-tale sign that you've been compromised. Is the password that you are pretty sure you remembered accurately not working for you? Someone else has probably changed it.
Yeah, some of this stuff is pretty annoyingly inconvenient, but I promise you, it's not as annoying as trying to reverse charges to your bank account, or having your Xbox Live/Steam account locked down for over a month. Even if you really hate using additional security measures and precautions like me, following these tips can be totally worth it.
At this point in time, everyone, regardless of how paranoid and tidy their internet activities are, has a chance to get their information compromised. It's becoming more a question of "when" than "if." I still hope this never happens to you, but if it does, remember, simply changing your password is often not enough. Knowing how to fix a problem is the next best thing to avoiding it entirely.