Last night, something happened to me that changed my entire perspective on the internet. All of my most important online accounts, including my PayPal account, were hacked by one individual - seemingly in a matter of minutes. By the time the person was done, they had the following:
Three personal e-mail accounts
AIM Messenger
My hosting space
Ripway.com account
PayPal
MySpace
One IMVU account
Some of the above is serious and some of it isn't. The most serious part is that I like to think I choose good passwords. I use lots of letters and numbers and even capitalization. I make them unique and hard to guess. But even that didn't save me from one person taking over my entire life last night.
I found out I was being hacked when AIM sent me a message, telling me I was logged in at two different locations. Suddenly, people on my list that I wasn't even talking to began messaging me. I wrote a mass message to my list to tell them I had been hacked. The guy hacking me used my own AIM account to message me and began telling me that I needed better passwords and told me everything he hacked.
I started changing my passwords - starting with my AIM account. I opened my e-mail to find multiple messages for password retrievals that I didn't ask for - all of them opened. That is how I knew he'd gotten to everything. Not only did he have my main, personal e-mail account, but the use of that account led him to other accounts associated with me. And since I was using two e-mail accounts interchangeably, it was only too easy for him to use one against the other. Whatever password he couldn't find, he could just ask that it be sent to my e-mail and he had it.
He gained a lot of my personal information - including my full name, address and home telephone number from the account section of my hosting space as held by the company I host with. He was able to read correspondence between myself and family as well as my attorney - very personal and confidential messages.
After he was done hacking into my accounts (or so he said he was) he began talking to me, telling me exactly how he did it. He started with my Ripway.com account. While this topic is important to the IMVU community (and anyone really), I think it's even more important because so many of you use Ripway.com as a free hosting site for your badges and your home page.
According to my hacker, he first landed on me by hacking into the root folders of Ripway. There he was able to find credit card information as well as the logins and passwords of everyone who has purchased space from Ripway. He took my password and the e-mail address associated with the account and put two and two together. He used one account to gain access to the next, going back and forth through my entire online life. If he had continued, he would have ended up in my bank account. He already had control over my PayPal assets.
Fortunately, I was lucky and the guy was, I dare say... nice about it. He left me alone after that and I changed every password to every account I own. I spent hours last night making crazy new e-mails and dividing up everything. I learned a very valuable lesson last night and I felt it was important to share.
7 comments:
I am deeply saddened that this happened to you and hope that it does NOT happen again. For everyone. Thank you for warning us!
Wow Kimi, I don't know what to say =/
Yes, thanks for warning us. I'll be getting rid of my Ripway as soon as possible and transferring all my codes to my hosting space.
Wish I had seen this before this weekend. My account was hacked either Saturday night or Sunday morning. Not only was my home page replaced but all my files were deleted.
I was "this close" to buying extra space from Ripway because I wanted extra bandwidth. Not anymore. After I discovered the hack, I deleted the hacked page and am not going back to Ripway any time soon.
I am so very sorry to hear of you being hacked as well. It's a serious issue. I had heard bad about Ripway in the past, but you know how some people can be when they feel they weren't given the service they were looking for. I figured - how bad could it be?
I wish I'd known more about their lack of security. In the end, it was partially my own fault. I could have done a better job of securing my own passwords and information, but I didn't. Too many personal e-mails connected to one another doomed me.
You stated he started with the Ripway account. As far as I know, extracting main info from hosting accounts is so easy that ... Core files of all databases are stored in a lame config PHP file. When he snatches it, he rules you. In hosting accounts, in spaces, try to set the file attributes to "644" so that they can be accessed only through FTP and not HTTP roots ... That prevents you from the ethics of hacking!
OMG!!! That is HORRIBLE!!! I'm so sorry!!! I'd go CRAZY! You're very lucky he left you alone... Wow... Thank you SO MUCH for the warning, that's scary...
I am so sorry to hear this. Glad to hear things are OK now. I hope you changed your bank info too.
Never know if the guy will use it later if he has it.
munay, kulamakani