(This actually happened yesterday . . .)
I tried to sign in to one of my gmail accounts, and I couldn’t.
I retyped my password.
I rechecked it.
I copied and pasted it.
Nope, no luck.
This is weird. I changed my password the night of April 6, just in case.
So, I tell Google that I’ve lost my password. It sends a link to my other account, to enable me to sign in and change my password.
I do it.
A minute or so later, it tells me that my account is open in another location, and they are signing me out.
My account SHOULD NOT be open on ANY other computer. It has been months since I’ve signed in from another computer. And I always, always, always sign out, erase the history, cookies, and everything else and restart the computer, if it’s not my computer.
I only have one computer. This one. (Too bad, because then Yitzchak and I could both work at the same time.)
There is no reason that my account should be open in any other location.
Which means: I’ve been hacked. And I was lucky enough to catch the guy.
I sign back in. I go to the bottom of the page, and sign out all other sessions. Then I take a look at the IP.
It says my IP. There are two other IPs listed, but both are from a few hours ago. Time differences? Both are apparently in Israel.
Makes sense, if you suspect that the hackers are Arabs.
But the IP locator will only tell me that I am from “Haifa”, and these two are from Tel Aviv. It will also tell me what company. Not too useful.
I enable, on all three of our gmail accounts, 2-step verification.
At first I tell it to trust my computer.
But if most of these have my IP, and all of them give the same browser/computer information, is that really a good idea?
No, it’s not.
I tell it not to trust my computer.
Which means that from now until I disable it, every time I want to sign in to my account, they will call me, tell me the code, and I will have to wait for the code before I can sign in. (My phone doesn’t get text messages.)
And it takes longer to load after the two-step verification.
Great. Just great.
I knew this stuff happened, it just had never happened to me before.
Thank G-d I caught it in time.
And now I worry about my WordPress account, and my Hotmail account.
Oh – and my bank accounts?
I hope that none of the other stuff I hear about – related to this and related to everything else – will actually happen to me or anyone I care about.
I wonder what they did to my account, and what they were planning to do.
Should I give the IPs to Yitzchak’s father and let him lay some traps? That way, I don’t have to worry about two-step verification. (And because I still sort of want to preserve my privacy, I won’t tell you who Yitzchak’s father is. I’ll just tell you that he’s famous in his field. And he’s brilliant.)
May I – we – never have to go through any of the nasty stuff I hear others going through, no matter what type of issue it is.