Email Compromised, Hacked Email
This morning at 5:45am, I could already feel the groans. Only, the groans were not originating from my throat. They oozed out of my iPhone5 through notifications to my email. Understanding friends and colleagues let me know that my email had been compromised. My heart sank. The very last thing I would want anyone to receive from me is SPAM emails, but more importantly, I wanted to make sure that anyone contacted by the spammer would know what to do when you got SPAM.
The news has been filled with companies notifying consumers when their credit card and personal information have been hacked. Last year, a large banking company contacted customers after a personal computer with customer information was stolen from a laptop. We’ve gotten used to hearing it in the news as something that happens “out there”. So what if it happens to you?
Who Was Affected?
The people who received a spam email from an old, unused Yahoo! account formerly tied to my business website were those who either knew me between 2006-20010, and therefore used my former email during that period of time. Anyone who connected with me after 2010 were not added to the earlier contact list of people on that email’s platform.
Why Did You Keep Your Email Address?
In 2009, I moved my business platform and email to Media Temple and Google’s Gmail. I kept the email address, imeis_sdc@yahoo dot com. Why? The way that many providers are tracked on the Internet involves multiple sites that proliferate your email and location even without gaining your permission. This cannot be prevented. As fast as providers can contact them to change email and location information, another site populated and proliferates the old information. To provide uninterrupted service, it was important to not entirely remove the trail to the Yahoo! address, and to make sure that connection to those searching for my business and services were not lost.
Was Any Of My Information Compromised?
If you received the spam email (an email generated from the Yahoo! address with my name and a link to a piece of spam), the spammer bot has your email address, not necessarily your password.
All emails that were in that account between 2005-2010 had long been destroyed. When I looked at the account today (Friday February 21, 2014), the email inbox was empty. The spam inbox had about ten items in it and were appropriately sequestered to trash.
Is My Email Compromised?
While it’s unlikely that your email address is compromised, there is no guarantee. Please continue reading if you would like to know what to do.
What Should I Do If I think My Email May Be Compromised?
There are two things I recommend you do immediately:
1. Change your password, and make sure that ANY account that you use regularly that you used the same password for is also changed.
If you do not know how to make a complicated password that cannot be easily hacked, click here: http://passwordsgenerator.net/ <<— this will do it for you.
2. Program into your electronic calendar to remind you to reset your passwords every 6-8 weeks. I kid you not. If you have something to protect, this is worth doing.
For example, I use an electronic billing program called OfficeAlly.com. It automatically forces all users to use a complex password and to change it every six weeks.
3. If your email platform asks for an alternate email address to contact you as a part of the Account Settings, a spammer may have altered your account information, even if you changed your password. You should remove that email address and provide a different one (and again, secure the password).
Will I Be Receiving Any More SPAM From Your Account?
As of 7:00am Feb. 21, 2014, I severed ALL business connections, products, and services with Yahoo! with no mercy. Ironically, it took seven uses of the two-part verification with my new password to get the platform to allow me to delete the account in its entirety! In the process, I left no remaining trail, including no forwarding email. Essentially, I pressed a “kill switch” and took a potential financial loss in order to burn any possible bridge spammers or hackers could use.
My Yahoo! account and my Gmail are separate accounts and were never linked or forwarded. Instead, I had Yahoo! mail shunted to an isolated email account on Apple, an @me that didn’t forward anywhere else (wasn’t that clever?).
Therefore, I have fairly high confidence that the problem was swiftly identified and solved.
What’s New On the Horizon?
While the HIPAA Omnibus in 2013 allows all clients of SDC to continue to use their popular email platforms such as Gmail, Hotmail, and Yahoo!, this incident highlights the problems that can happen when we use them on a daily basis. While my Gmail account has never been hacked (knock on wood), I am not assuming that will stay true.
Instead, I’m planning on upgrading to Gmail’s Premium version , and using some of their business apps because (guess what?!?) they will offer a Business Agreement and agree to be a Business Associate to guarantee privacy (involves things like a private key that only I retain).
I am also looking into Amazon Cloud Services for storing information that has PHI (personal health information). While Gmail’s Premium service will be enough, there is an additional project I and my developer are working on that requires a cloud service that has some serious clout with the privacy world, and Amazon’s cloud service definitely has that clout in a serious way.
All to say, I want to assure my clients, past, present, and future, how much we value you and are working to constantly protect you.
Do you have additional questions about what happened? Confused about what to do if your email is compromised that I didn’t cover here? Feel free to send an offline message.