Not so long ago, you might have gotten an email from me that stated I was robbed at gunpoint and stranded in London with no money. If so, you probably figured out that my gmail was hacked. What you might not have figured out is that I’d rather be robbed at gunpoint and stranded in London than have been hacked. Not only was it heart wrenchingly strenuous to recover my gmail, but I lost thousands of email messages, had to set up extra security for gmail, still haven’t figured out exactly how I got hacked, and had to send an embarrassing email to the hundreds of people who got my London spam (most I hadn’t talked to in YEARS) when I’m one of those people who should know how to avoid getting hacked.
I thought I was impervious. After all, one of the lessons I learned from working at GoDaddy.com was how to create strong and unique passwords. I generally have passwords that are alphanumeric, mixed capitals, unique to each account. But once one account was hacked, it was easy to hack into the other account because they were the recovery email for each other.
On the bright side, although both my Yahoo! and gmail accounts were hacked, my Yahoo! account was mostly complete when I recovered it. Gmail, however, was decimated – thousands of messages deleted from inbox, contact list gone, spam sent, settings changed.
Recovering Accounts
When I found out I’d been hacked (both my Yahoo! mail and gmail), I began trying to recover my accounts. I started with gmail, and what a convoluted process that was. If your gmail was hacked, I strongly recommend you read about the account recovery process here: How to successfully recover a disabled gmail account. This guy goes into all the detail you need, including recommendations for avoiding this situation in the future. The only update I have to his information is that it can take longer than 15 minutes. I recovered my account 1.5 hours after submitting the recovery form. I actually thought my recovery was going to be rejected, it took so long.
What helped me the most was having my gmail inbox still open on my laptop and using my iPad to recover my account. This helped me name four of my most frequently named labels and the email addresses of five frequently emailed contacts (although I could have recovered email addresses from my phone, if needed). The other thing that helped me was remembering the approximate year I joined gmail and the person who invited me.
Recovering my Yahoo! mail was so much easier. Although all of my account information had been changed, including my gender, birth date, birth year, and security question, Yahoo! allowed me to go back to the security questions I’d set up before the hack, I answered them, and I was in.
Setting up extra security
I absolutely do not want to ever ever go through this again. So, after recovering and cleaning up the mess, I set up Google’s Two-Step Verification. Lifehacker covers it best: Set Up Google’s Two-Step Verification Now for Seriously Enhanced Security for Your Google Account.
So what happened, anyway?
Virus scans didn’t turn up anything suspicious on my computers. My best guess is I managed to duplicate a password somewhere. Considering the crazy number of sites that require accounts, I can see how duplication can eventually occur.
Going forward, I’ll be more careful to avoid duplication. And I’ll file my email messages so I don’t lose thousands if I ever get hacked again. Leaving messages in the inbox is just a bad habit anyway.