My Account Was Hacked
This week my eBay account was hacked and compromised. A hacker breached my password, got into my eBay account and used it to sell an item that would never be shipped (because it didn’t exist). Thankfully eBay were onto it and stopped my account, notified the unsuspecting buyer that the auction was fraudulent and refunded their money. I managed to reinstate my account, secure it and then proceeded to change ALL the passwords to ALL my existing online accounts.
Let me tell you why: Those who know me will know I am a stickler for using cryptic and long passwords. I can’t stress enough the importance of this!!! The hacking of my eBay account is a brilliant example of how easy it is to crack a weak password. In this instance it was my own fault for leaving an old password on an unused eBay account – the password was 8 characters long with only one capital letter and a number at the end. My eBay account was linked to my email account, which in turn is linked to A LOT of other accounts. Needless to say my new password is now very cryptic and long. This also gave me a kick up the bum to update the passwords on all my other accounts (which had long ago become long-winded, cryptic guardians).
So how do they do it? Hackers are persistent when trying to gain access to your account. If you use a weak password they will succeed. The majority of hackers use what is called a “Brute Force Attack” where they run a program that automatically goes through millions of possible password combinations to gain access to your password protected data. The shorter and less cryptic your password, the quicker the hack. Use a five character password consisting of only lowercase letters and this program will take 11.9 seconds to hack your account. – yes, you read that correctly!!! Eleven point nine seconds! Use a dictionary word or a person’s name and it will take this program even less time than that. By comparison, a nine character password that uses all characters (uppercase, lowercase, numbers and special characters) will take this program 20 millennia to crack. That’s twenty thousand years!
How can you protect yourself? To protect your online presence, I recommend doing the following:
- Ensure your passwords are at least 10 characters long – 12 or more is ideal.
- Use lowercase, uppercase, numbers and symbols (eg: % # > ) in your password
- Mix it up! Use a variety of characters and NEVER use words or names in your password
- Change your passwords regularly – once a month is great, however with strong, cryptic passwords, once every two to three months should suffice.
- Never use the same password for multiple online accounts. Especially for your banking and email accounts.
- Never share your password, especially not via email
Once you have created a cryptic password, you can check the strength of your password using this Password Strength Checker by Microsoft.
If you have any questions, let me know. Good luck and stay safe!