Online Security: Why Were We Whacked and Hacked?

The Hackers Did A Hack Job On Us!

I’ve been keeping my login credentials in my browser for many sites, because of the ease, convenience and hey, they were just shopping sites, so I didn’t worry much about online security. My credit card is protected, right? Google works hard to keep their browser safe; after all, online security is important to the Alphabet company as they keep files, data, domains, etc. safe for subscribers. What do I need to worry about? Then it happened. We had an issue with my daughter’s social media account. It was hacked and stolen.

During the first 36 hours it went missing, we had no idea what was going on. We guessed that it was because her account was monetized and able to run ads. Her account could and did attract advertisers who pay for advertising space on her profile. So is that what they wanted? A verified site to get advertising revenue? Maybe it’s easier to steal one already monetized than to do the work themselves?

Or was there more to it? Were they wanting her bank account and credit card information? We all know hackers are after the easy buck, right?

The theft was reported as soon as we discovered it and the platform began an investigation. We sat back and waited for a response. In the meantime, we researched online security. Obviously, we needed to work on that aspect. It wasn’t long before someone from somewhere in cyberspace reached out with a tip the next day, which we also forwarded to the investigating team. The tip included screenshots of her online profile at that moment. While I couldn’t see it, it was out there!

The anonymous telltale’s screenshots were enlightening. We discovered Manda’s profile was targeted. The thieves did exercise intent to steal and sell her profile in the international black marketplace. While we reported promptly, what these cyber criminals and the ‘new owner’ of her profile accomplished in a short amount of time made my head spin.

Discovering Why

It took just over a day and a half for the account to be returned to us by the social media platform. We thanked them profusely, took a moment to enhance her online security and could finally breathe a little easier. Once we reclaimed possession of the account, we dove in. Why? That was the question, “Why her account?”

We discovered that within 12 hours of the profile’s theft, her page was remodeled, renamed and had over 215K engagements. It was rebranded to look like a fashionista personality – photos of her, use of my daughter’s first name as the brand. But scrolling down the page, we noticed video posts. The videos were of a different woman — not the fashionista in the profile picture — who appeared to be selling children’s clothing. And she was receiving thousands of comments on the video. Even videos that were only a couple hours old.

We went through the posts made on her page, translating each post from Vietnamese to English, because we were curious. Why all the comments? This video was getting as many or more comments than many A-listers’ social media pages. It seemed like a lot of work to steal an account to sell children’s clothing. Why didn’t they just set up their own account? How hard could it be to monetize a site that was receiving 215K engagements and video views?

The Profile Was Purposed For Evil

Everyone on my daughter’s team was curious. What actually happened to this account in about 36-40 hours? We kept translating the comments posted on the videos. Most of them had a sense of hiding something — they were a bit cryptic. At first I thought it was just something lost in translation, but it was consistent. My red flag was raised. It appeared strange that so many people wanted children’s clothing. There were 215K comments and likes about children’s clothing in a matter of a few hours.

Then we saw something disturbing. Someone was asking to purchase a child — not clothing. The request included the desired age, height and weight. Were all those cryptic messages asking the same thing? Instead of asking for clothing, were they using clothing sizes to indicate their purchase preferences? My heart sank so low. The account was being used for evil.

My daughter panicked and before I could react, she deleted the posts. In hindsight, we should have screenshot the posts and forwarded them to the social media platform so they could investigate. I did report it, but without the screenshots. We live in a very sad world.

The Big Business Behind Petty Thefts

If I were to say that my online profile was stolen, most people wouldn’t think it’s more than a petty theft. What seemed like a trivial case of stolen identity seems to have turned out to be a gateway to something more sinister. Human Trafficking is a big business worldwide and it’s despicable.

We know what happened to my daughter’s account, but can’t prove that the intention of the site was to sell children. The criminals hid my daughter’s account from the general public, using filters so only certain people could see and interact with the account. It was there where they posted and interacted with thousands of other online profiles. Men and women alike commented on the video posts, with lots of questions, especially about the price. They were probably all fake accounts. It’s easy to hide behind the online image, so who knows who they were.

While unfortunate for us to experience, the incident opened our eyes to protecting online profiles, security, passwords, human trafficking and cyber crimes. I hope the platform’s quick actions on our behalf resulted in an evil business being shut down and kids being saved. But deep in my heart, I know, they were selling what they already had in inventory and they will find another profile to steal, convert and be back in business right away.

Is your online profile a theft risk? It only took a couple hours to steal, strip, rebrand, sell and set up shop with 215K engagements in 24 hours.

There Is Some Good In The World

Who was the guy who tipped us off? His profile claimed he actually worked for the platform, but he didn’t. He kept trying to convince us to reach out to his company requesting help to reclaim the account. His message seemed urgent, as if ‘time was of the essence.’ He sent links and instructions as to how to get her online profile back. I questioned him a lot and wasn’t about to click a link this potential ‘hacker’ sent, but I tried to keep him talking. I really wanted to know what was going on.

He said he wouldn’t use his real name in fear that the hackers would retaliate, but it was important for us to listen to him. I wasn’t sure. He never asked for money or any information from us? After some time he disclosed that he was a buyer not a hacker. He buys online profiles.

Readers! This is a business. This man purchases online profiles for a living. He probably sells them for use in illegal activity. We still don’t know why he reached out. He had nothing to gain at all. My hunch is that he is a fan of my daughter’s movies.

We Were Password Protected! How Did This Happen?

How did they hack our account and get through our password? We used the current suggested password format — 8 characters including one capital letter, one number and a special character — that our bank requires. If a bank approves of a password format, and all my passwords are formatted the same way, why were we hacked? The question led me to about a half day’s research about passwords and security.

Did you know that the 8-character password we all use online is one of the EASIEST TYPES OF PASSWORDS TO HACK? And if you are using a password that has fewer than 8 characters, it’s even easier? If you are sitting there saying, “Whaaaat?” join the crowd. It seems that the software hackers use can easily hack these supposedly secure passwords that our banks and other institutions require. They tell us that using the 8-character format with upper, lower, special character and numbers creates a minimally secure password and promotes online security. And some don’t tell us that they are minimally secure.

It’s no wonder our personal information is easily stolen from various online databases! Our passwords are weak and vulnerable. There is a silver lining to this story. There are ways to up the security level of a password.

Change The Way You Think About Passwords

Most hackers use software to hack. They load a database of words into the software which helps crack passwords in seconds. If your password is a word, chances are, it can be hacked in a couple minutes. Why? The database of possible passwords comes from a common source — the dictionary. Hacking software uses a dictionary database to detect words, so almost any word can be matched to the database. If the software detects mon, it’s going to figure out monkey is the password in just a few seconds. It’s inevitable.

You think monkey is a funny password? Or maybe you are sitting there thinking, ‘How did she know MY password?’ Check the list of common passwords posted on Wikipedia from the past few years. Then come back and finish this article because we are talking about how easy it is to get hacked if a poor quality password is used. And most of us use them.

Hackers are not blind to substituting a number for a letter. That was my personal favorite. I felt safe doing this to my passwords. You know, a word like Heaven!! I would change to H3av3n!! The brute-force attack software hackers use does account for this type of substitution now. Hackable in pretty much no time. Same with adding a special character, like H3@ven!! Not even a challenge for the software.
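The point about dictionary words and substitutions, as an added example that is not part of the original post: a Python check that can be run when a password is chosen, which undoes common letter-for-symbol swaps and trailing punctuation and then looks the result up in a wordlist. The wordlist, the substitution table and the function names are constructed for illustration; passing the composition policy and being built on a dictionary word are reported separately.

```python
from itertools import product

# Constructed sample wordlist; a real check would load a full dictionary
# and lists of commonly used passwords.
WORDLIST = {"heaven", "monkey", "password", "dragon", "sunshine"}

# Common substitutions mapped back to the letters they stand for.
# "1" is ambiguous (i or l), so every entry lists all candidate letters.
LEET = {"0": "o", "1": "il", "3": "e", "4": "a", "5": "s", "7": "t",
        "@": "a", "$": "s", "!": "i", ")": "o"}


def meets_policy(pw):
    """The 8-character upper/lower/number/special format from the post."""
    return (len(pw) >= 8
            and any(c.isupper() for c in pw)
            and any(c.islower() for c in pw)
            and any(c.isdigit() for c in pw)
            and any(not c.isalnum() for c in pw))


def deleet_variants(s):
    """Every lowercase reading of s with substitutions undone."""
    options = [LEET.get(c, c.lower()) for c in s]
    return {"".join(p) for p in product(*options)}


def dictionary_base(pw):
    """Return the wordlist entry pw is built on, or None.

    Tries the whole password first, then drops trailing digits and
    symbols one at a time (the "!!" in "H3av3n!!")."""
    for end in range(len(pw), 0, -1):
        if any(c.isalpha() for c in pw[end:]):
            break  # the stripped part must be padding, not letters
        hits = deleet_variants(pw[:end]) & WORDLIST
        if hits:
            return min(hits)
    return None


def assess(pw):
    """(passes the composition policy?, dictionary word it derives from)"""
    return meets_policy(pw), dictionary_base(pw)


if __name__ == "__main__":
    # Constructed samples; the first two are the post's own examples.
    for pw in ["H3av3n!!", "H3@ven!!", "Monkey1!", "tV9#qLx2&mRw"]:
        print(pw, assess(pw))
```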

Is there a solution? I wrote another blog post about what I did to secure my passwords. Read about it here: P@s$W)rds!

2FA and Why You Need It

I hope after reading about our recent incident, you will take a moment to reassess and update your current passwords. But that probably isn’t enough. Check into 2FA. Most of the platforms are now offering the ability to use Two-Factor Authentication. It’s one of the best things you can do for your online activities.

Even if someone cracks your password, they won’t be able to get past the 2FA. Myself, I avoided it at first, but now, I put an app on my phone made by Google, and I use it on our sites. It takes a moment longer to sign in. So what? It’s peace of mind for me and probably frustrating for the cyber hackers in the world. Maintaining online security takes work and the suggestions in this post are timely. At least the premises work for now, until some genius figures out a hack.
