How did they get my password?

Published: 18th November 2022

Picture this: you’re going about your business one morning when your phone rings. It’s a friend who’s just received an unusual email from you. No bother, you carry on... it was just a one-off... but then you get three more calls saying the same thing and the fear kicks in.

Your email has been hacked.

You’ve been locked out.

Once you manage to restore access you’re greeted by an EMPTY inbox.

Everything gone.

This happened to a friend of mine recently. The hackers stole ten years’ worth of emails. Ten years’ worth of companies he has dealt with and knowledge of his solicitor, accountant, clients, and shopping preferences. The whole lot.

To get all this, all the hackers had to do was breach one password.

My friend had opened his email account a long time ago and had not updated his security since, so he didn’t have two-factor authentication (2FA) switched on.


How did the hackers get his password?

There are several ways for hackers to obtain passwords, or break into accounts.

A reused password
If the same password is used elsewhere and is stolen in a data breach, the hacker will take the stolen credentials and try them on other sites, a technique known as credential stuffing.

You’ve lent the password to someone else
If you have ever sent the password to someone else, perhaps by email, and that person is later hit by cybercrime and has their inbox breached, the hacker will be able to find your password there.

Malware infection on your device
This is malicious software that can arrive on your computer in multiple ways and, if not caught, can extract information, including passwords.
Software updates and antivirus software help reduce the risk of infection.

Public Wi-Fi
Connecting to public Wi-Fi means that you are on the same network as all the other users, so your devices are connected to each other. The internet traffic to and from your device can be read by other users with specific software and a bit of know-how. This can include unencrypted passwords.

Brute force
This is where a hacker uses software to guess your password; it will try thousands of combinations a second until it hits the right combination of characters.

My friend’s password was about as much use as a chocolate teapot.

The solution here is to enable two-factor authentication, which is a valuable second layer of security.

If you haven’t already, now is a great time to review the security of your inbox. Make sure you have a long password that is only used for this account, and set up that second layer of security.

Would a checklist be helpful?

There are 7 things that must be done before a cyber attack on your business. I have compiled a checklist for you to work through – please fill in the form below if you would like a copy.
