“I was hacked.” It’s an overused phrase. It’s what people say when their email address is used to send spam. It’s what people say when they lose control of their social media accounts (or sometimes as a lie to cover up inappropriate posts to social media). It’s what people say when their web site has been defaced. And, of course, it’s what people say when their system has been attacked, leading to files being deleted, modified or made public without proper authorization. The problem, however, with saying “I was hacked” is that the phrase is fairly meaningless.
Saying “I was hacked” is like saying “I was robbed.” It may serve to get you pity or to excuse why you can’t pay a bill on time, but it doesn’t help anyone else avoid ending up in the same situation, whereas:
- If I know you were mugged I may avoid walking in that same area alone at night;
- If I know your house was broken into I may be more careful about making sure all my windows are locked and may even consider an alarm system; and
- If I know you fell for a scam the details may help me not to fall for a similar con.
When people say “I was hacked” what actually happened could be a number of different things.
- “I fell for a phishing message that asked me to enter personal information into a malicious website (that may have been mimicking my bank or other trusted site).”
- “I loaded an app or other software that proved to be malicious.”
- “My computer had an unpatched operating system or other software vulnerabilities that were exploited by a script looking for those vulnerabilities.”
- “I clicked on a malicious link.”
- “A company had a data breach that made my account vulnerable.”
- “I used a common password and a script exploited it.”
- “I sent sensitive unencrypted data across a public wireless network.”
- “I trusted my data to a system that uses lame security questions for password resets allowing someone to easily reset my password based on data they can Google about me.”
- “I lost my phone, which was unlocked and provided access to my accounts.”
- “Someone targeted me and took specific steps to access several of my accounts and then delete personal information including all the pictures I had of my child’s first year of life.” (AKA “My name is Mat Honan.”)
Those are just a few examples of what people mean when they say “I was hacked.”
Security semantic purists will point out that most of those things shouldn’t be called hacking at all. I personally don’t care if the average user knows a hacker from a cracker from a script kiddie or a virus from a worm. However, lumping every security breach under the generic umbrella of “I was hacked” means that we miss the chance to raise awareness about data security risks and how to better protect online accounts and electronic files.
Instead of letting “I was hacked” be the end of the story let it be the beginning. Try to find out what happened and how you might prevent the same thing from happening in the future. Then let other people know. Let’s work together to make the Internet a more secure place rather than an interconnected web of hacking victims.
Want to avoid having to say “I was hacked?” Read these related posts:
- Information security basics
- What is a secure password?
- How to turn on Apple two step verification and why you should
- Tips for securely managing online accounts
- Combatting Twitter spam and Facebook leaks