Monday, October 24, 2005
I hadn't received any email since Friday, but didn't think much of it, as I knew that Rogers was having serious problems with its connections on that day. I noted that I was able to surf the Web and download from Usenet, but no email.
Over the weekend I was too busy to be bothered too much about email, though I rebooted the modem at one point when everything was down, trying to see if it would come back along with eveything else. Web and Usenet came back, but still no email. Figured the central email server was down.
But today I realized that something was amiss. The error message I was getting was not that there was no connection, but that my password was invalid.
So I called up Rogers and had my password reset. After confirming who I was, it was reset to what it had been before, which was a simple string of numbers. The emails started flooding in almost immediately, showing that everything worked.
Given how easy the old password would have been to guess, I also got instructions on how and where to go on the Rogers site to reset the password to something that would be much less easy to guess.
That was how I discovered my email account had been hacked.
Sure enough, there was an email message to my account on Friday saying that my password had been changed -- but I hadn't changed it. Someone else had. When looking through my online account info I found that three additional email addresses had been made, all sounding like typical spam names, all slightly improbable (one of them was a 'Sir' something). Someone had also tried to set up a, additional Web profile.
Called back to Rogers to report what had happened, and proceeded to delete everything that were not things I had created, and re-set my password to something much less-guessable.
Largely my own fault for not changing the easily-guessable default password in the first place. So far I haven't seen any emails back from people annoyed at spam that may have been linked to my account, so am hoping that it was a script kiddie having some fun at my expense, or that I stopped somebody before they got in too deep.
What's even more disconcerting, though hopefully unrelated, was the fact that someone had tried to bill some online gaming service to my name. Luckily they had the wrong credit card info and it didn't go through, but am hoping this is not part of a concerted effort at identity theft.
Subscribe to Posts [Atom]
