Now that the consumer tech show that is CES is behind us, I wanted to share a personal story with you. Just this week I had one of my online accounts hacked. Which one? Well, it happened to be my Origin/EA account. For those of you who don’t know it, Origin is EA’s online store where you can buy and download games made by EA (sometimes other developers as well).
The story started off on Wednesday morning on my way to work. I was checking my email and I saw something from EA. I opened it and it told me that someone had changed the email address on the account. The next thing I know the hacker also managed to change the password on the account. I was slightly worried because the guy had access to my game collection. I spent good money and a lot of time building up that collection and the hacker was stealing my game collection from me. This includes all the downloadable content (DLC) that I had.
Whilst I was on the train I was able to get the email address changed back. That was half the battle won. I got home that evening and thankfully no damage had been done. I fired up my laptop and logged onto the Origin website to change my password. Most important of all I enabled two-step verification (more on that in a few moments).
Now I know that a lot of people are going to say “Adi, you cover technology news, I would expect better from you”. Yes, you would expect that I would have strong passwords on my accounts. Truth be told I was using a weak password so I was asking for trouble.
Most important of all, I always used PayPal for my payments (where I do have a strong password). I would never store my card details for payment on my Origin account.
If I had my card details stored on my Origin account then that could lead to them buying games behind my back. This would also mean me having to cancel the card and have a new one issued. That’s a hassle that I don’t want to have to go through but I was lucky that it did not happen.
I also remembered that my Steam account uses the same password. So I went and changed that to something else. I am currently in the process of changing the password for all the other places where I use that password.
With this I think that there are a few takeaways. True, this happened to me but it’s not just me who’s been hacked. I have also seen many other people who’ve been hacked. In fact, there are lots of groups of people who dedicate their time to hacking people’s online accounts. If it can happen to me it can happen to you. Imagine if it was your account for your internet service provider where you had your credit card details or your bank account details stored. If a hacker got into that then you are in serious trouble because they can use that to steal your money. Worse still, imagine if a hacker got into your bank account and stole all your money. You don’t want that to happen, do you?
I know that a lot of you are going to hate me for saying this, but I think that it’s important to give this takeaway. You should always use a different password for any account that you have. You should have one password for your Facebook, a different password for your Steam account, a different password for your Yahoo email account and so forth. Yes, I realise that it will mean you having to remember so many different passwords. This is why you need a password manager.
So which password manager should you go for? I would highly recommend LastPass. It would store your passwords on your computer with super strong security. Most important of all you are the only one that has access to that password vault. As a bonus tip you can also use it to generate new passwords for those times where you need to change a password or when you need to create a new account for something. Best of all it works on PC, Mac, Linux, iOS and Android.
Another takeaway from this is that you need to enable two-step verification. It’s no longer enough to protect your online life with just a password. So, how does two-step verification work? Of course when you log into an account you will enter a password. However, after that you will then need to enter a time-sensitive one-time passcode every time you log into your account.
The security aspect of this is that the one-time passcode only lasts for a very short amount of time. That way, even if a hacker has the password to your Origin account, they can’t get in because they still need that one-time passcode. This one-time passcode is normally sent to your phone by way of a text message/SMS. Alternatively you might have an app like Google Authenticator.
Facebook does this with their login approvals system. EA/Origin also has it and they call it login verification. I would strongly urge you to use this feature on all your online accounts if the service in question has this available. I realise that for some of you this would be inconvenient or rather a hassle but you are protecting your account from getting hacked. This also adds an extra layer of security because the hackers don’t have access to your phone.
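To make the "time-sensitive one-time passcode" concrete, here is an added example (not code from EA, Facebook or any service mentioned in this post) of the standard RFC 6238 TOTP scheme that authenticator apps implement: the app and the service share a secret, both derive a 6-digit code from the current 30-second window, and the service rejects a code once its window has passed. The secret is the constructed test value from the RFC, and the `verify` helper and its `drift` parameter are illustrative names.

```python
import hashlib
import hmac
import struct

STEP = 30    # seconds each passcode stays valid (RFC 6238 default)
DIGITS = 6   # passcode length shown by typical authenticator apps


def hotp(secret: bytes, counter: int, digits: int = DIGITS) -> str:
    """RFC 4226 one-time passcode for a given counter value."""
    mac = hmac.new(secret, struct.pack(">Q", counter), hashlib.sha1).digest()
    offset = mac[-1] & 0x0F                      # dynamic truncation
    value = struct.unpack(">I", mac[offset:offset + 4])[0] & 0x7FFFFFFF
    return str(value % 10 ** digits).zfill(digits)


def totp(secret: bytes, now: float) -> str:
    """Passcode for the 30-second window that contains `now` (Unix time)."""
    return hotp(secret, int(now) // STEP)


def verify(secret: bytes, submitted: str, now: float, drift: int = 1) -> bool:
    """Service-side check: accept the current window plus `drift` windows
    either side (clock skew); a code from any other window is rejected."""
    current = int(now) // STEP
    ok = False
    for counter in range(max(0, current - drift), current + drift + 1):
        # constant-time comparison, no early exit on a match
        ok |= hmac.compare_digest(hotp(secret, counter), submitted)
    return ok


if __name__ == "__main__":
    # Constructed sample: the shared secret from the RFC 6238 test vectors.
    secret = b"12345678901234567890"
    login_time = 59
    code = totp(secret, login_time)
    print("code at login:", code)
    print("accepted right away:", verify(secret, code, login_time))
    print("accepted 5 minutes later:", verify(secret, code, login_time + 300))
```

A password stolen from one site keeps working until it is changed; a passcode captured this way stops working within about a minute, which is why a reused or weak password alone is no longer enough to take over the account.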
Have you been hacked? What did you do to regain control of your online accounts? Let me know!