Friend had site hacked
Posted: Mon Mar 12, 2007 9:13 am
Greetings-
Thought I'd post this as a *reminder* about changing passwords and keeping one's account details in check. We all tend to get complacent about online access and shopping-- the "it can't happen to me...." mode.
A friend runs a popular web site that also has an online store. His email (from Google) got hacked, which led to his site getting hacked. His customers' CC info was compromised, resulting in hundreds of fraudulent charges to his customers' cards. In addition, his personal accounts and information were also affected.
Here's his recent posting. I've edited names etc. out.
=======
=======
Since my email account and online store were hacked I've taken a crash course over the last 4 days in keeping myself safe from hackers and I just wanted to share what I've learned. Hopefully this info will help protect one of you in the future.
My biggest mistake was using ONE email address for everything. HUGE mistake! Once the hacker was inside my email he was able to see "order alert" emails coming in from xxxxxxxx my online store. This prompted him to snoop for my admin login page on the online store of which there was a "resend password" button. Well, since I only used one email for everything the password was mailed to my email of which he already gained access to.
He also snooped thru my emails and saw that I had a godaddy, expedia, UPS account, my personal credit card company login and bank account login. Since I only have one email he was able to go to each of these websites and hit their "forgot password" or "resend password" buttons and retrieve my passwords. He then proceeded to change my passwords to everything and lock me out.
godaddy.com is where I have the domains for the site registered. Once in godaddy he shut the site down (some of you may recall it going down earlier in the week) and proceeded to try and transfer the registration to another company. Thankfully I was able to get a live person on the phone at godaddy and convince them I was the rightful owner of the domains so Mike and I could take back control and get the sites back up and running.
At expedia.com he was able to see xxx and I have flights booked at the end of the month and proceeded to try and cancel the flights, but thankfully they were not cancelable or refundable.
So the valuable lesson learned and what I want to impress upon you is do not use just one email address for anything of importance. I now have separate private emails for each of the important things such as godaddy.com and the online store of which nobody knows the email address.
I feel like such a schmuck for making it too easy for this hacker. It's been a valuable lesson learned!
This hacker was extremely reckless in his actions which will make it easy for the FBI to trace him down. They are certain they can get him and assured me they have a team of the best computer forensics experts on the case.
Forget what this hacker has done to my personal life, what makes me most sick to my stomach is he may have your credit card numbers and has sold them off or is using them to make unauthorized purchases. So please call your credit card companies to check that no unauthorized purchases are being made. I'm extremely sorry for this inconvenience and I assure you xxx and I have gone thru great lengths to ensure this will not happen again.
And PLEASE, if you are using one single email address for important things like your credit card, bank account, etc. please consider setting up a separate email address for each of them.
=============