Compromised Email Account
An old email account I no longer use was compromised this morning. I found out about it because my current email address received an email from my old account. The email contained nothing but a link (which I never clicked). I knew my old email account had a weak password, but because I never used it, I never thought to change the password. Silly me.
What I did:
- Immediately, I logged onto my old email account and changed the password to something more secure.
- I checked the Recent Login Activity log to see when and from where the person had logged into my account. It was someone from Poland who logged on 1 minute prior to me logging in and changing my password (like I said, I acted immediately). I didn’t see a way to force the Poland user to get logged out, so I hoped that the email provider would be smart enough to do so when I changed the password.
- I sent out an apology email to everyone on my contacts list to let them know what happened and advise them NOT to click the link in the original email. I also reminded them about the importance of strong, secure passwords.
- I googled to see if there was anything else I should/could do, but I didn’t find much more than changing your password.
- Make sure your current email address is in your contact list on your old email accounts. This helped me know right away that my old account was compromised.
- Use strong, secure passwords. Ideally, they should be at least 8 characters long, contain both uppercase and lowercase letters, and have a mix of letters, numbers, and symbols.
- Your email password, in particular, should be unique and your most secure password, because if anyone gets access to your email account, they can easily gain access to any of your other accounts.
I think because I was able to act quickly, I was able to prevent some of the spam. Of the people I talked to today, only about half received the spam email.
Google 2-Step Verification
On a related note, Google recently added 2-step verification to Google accounts. 2-step verification requires something you know (your password) and something you have (your phone). When you try to log in to your Google account, Google sends you a code via text or voice message that you have to enter when signing in. I’ve been meaning to set up 2-step verification on my Google account for a few weeks now, but I made sure to do it today.