Categories
ranting

I have been pwned

Today I was pwned… again.

This time it was my Netflix account. My daughter messaged me: “Papa my Netflix became Spanish!!!!!!!! Help me.”

Turns out someone got into the account, deleted all my secondary users — including my daughter — and then changed everything to Spanish and renamed my main user. Whoever it is has a liking for teen horror shows:

Netflix Hacker Viewing Habits
Not my families taste… Vampire Diaries, ugh!

So I changed the password… I was way to simple because when I have to login on my Daughters or wife’s devices or the AppleTV I am lazy and don’t want to type 30 or 60 random characters. Lesson learned again. Silly random 30+ character password created. Unfortunately Netflix cannot recover the history for the deleted profiles so everyone but me started from scratch. Relatively minor I guess.

As for the lesson learned. I have already learned it and should know better. That password is know to be associated with my email account (I verified this again for the post on Have I been pwned [haveibeenpwned.com]). If you have never checked if your password, or email address or personal info is for sale on the Dark web [wikipedia.org] you should head over to Have I been pwned [haveibeenpwned.com] and check for yourself. ASAP. I’ll wait.

Done? Scared? I have been pawned a few times:

Pwned

I’ve been using the same email address since the ’90s and have signed up to a ton of online services over the years so maybe it should not be a surprise.

If you want to know how leaked passwords are cracked or just how easy it is to crack passwords most people think are “secure” watch this video:

Crazy how easy it is.

So, like I said it was a lesson I should have learned. In January 2017 my Apple account was hacked. Long story short, someone got in, changed the Credit Card on file to someone else’s — I assume stolen —l; card and proceeded to purchase US$200 worth of in-game credits and gift cards. I noticed when I got three receipts from Apple in my email in rapid succession over night and couldn’t think why. Had it only been one I would most likely have ignored it as a delayed receipt for something. So I had to go through the trouble or resetting my account, not once but twice because I got locked out again at the end of the month, best I can figure the second issue was the stolen credit card owner reporting it stolen when they got their bill so my account got locked. The second time I had to reset all my Apple devices – 2 iPads, my iPhone and AppleTV I set up family accounts for my kids and then I went out and purchased a 1password [1password.com] family account.

It was painful to go through and reset and store all my passwords for all the hundreds of services I use. But I highly recommend you go out and get a professional password manager and get on with it. Things will only get worse and you will get pwned. So I’ve been pwned twice and luckily I have not lost any money or had any other serious issues. Knock on wood, the internet is scary place full of bad people.