This morning when I woke up and did my daily routine of checking email, two very suspicious emails showed up in my inbox.
Of course first thing first I check if it is a scam or not. It seems not be the case:
- email is legit
- Reset password link SSL cert is legit
I immediately check if the hackers has posted something on my behalf. After all, all I care is my reputation. Luckily there is none. What a relief.
Of course the next move I take is to reset my password. Twice. I admit it was irrational but it made me feel … cleaner. This password cracker have violated me.
After this irrational move, it may have tended my own emotion. And my rational self came back. I was very concerned about the blast radius. How many of my personal information has been exposed? How many accounts are linked to this Instagram account and I need to take care of? Can people use those information to do harm? I went through a thorough exercise, and I concluded my personal photos, phone numbers, 2 email addresses and Facebook accounts has been compromised. Luckily I have published those information somewhere and there was nothing I was too concerned about.
It is very lucky that I always practice a good security hygience to prevent an all-out leakage of my personal information. My principles are simple:
- Use a password manager. My recommendation is 1Password or iCloud KeyChain. Before I subscribed to password manager, I have been reusing password since I had my first online accounts. That didn’t give me the peace of mind. So I have added a trick. I have separated different services into 3 tiers. I reused password for the same tier and I won’t put sensitive information into services in lower tier. And for banks, I have had the longest password.
- Everything I uploaded to facebook is considered public. This company cannot be trusted.
- Use a long password. For example,
%4FHcdhis less secured than
hack-shanghai-xijingping-winnie. Just checkout your password strength in this tool
Hope you won’t have to go through what I had this morning!