Yesterday one of my accounts was hacked. I realized this 5 hours after the fact. Thankfully there was not much damage that could be done with this particular account; nevertheless, the feeling of logging in and seeing an open “unkown” session was that of terror —  That’s not me, I haven’t logged into this website in years!

 

Afterwards, I found a link to haveibeenpwned and that’s when I found out that, yes I was, twice. Fortunately I have the habit of changing my passwords from time to time, so this should be an isolated incident. Then again, I cannot help but think what could have happened in a worst-case scenario: disaster. A good chunk of my life is up there, hundreds of hours in work, sensitive information of me and others, family, friends, clients.

Fast forward 3 hours later, my browser was teeming with cyber-security checklists, data-breaches news, essays on why a single cycle of SHA1 with a simple salt is hot garbage, and a long etcetera.

 

If there’s a lesson here its this: at the very least, you should activate 2-step verification on all your important accounts. Either that, or delete everything and go live in the mountains like a hermit.