What I learned from being hacked

As you may have noticed, the website was down for a week. To me, that felt like centuries.

Short story - I was hacked and lost my access to this account and the URL connected to it. The weeklong awkward silence of not getting any emails from PRs or my freelance co-workers at first felt rather anxious, then I felt a little bit of freedom (played Death Stranding and Luigi’s Mansion 3), and finally, I just grew weary of my lack of blogging.

But now, I’m back and here with the full story and some lessons for you, dear reader.

It all started with some weird behaviour on my Deliveroo account, as my email address got changed to exactly the same, but with a number placed at the end. Someone had managed to log in to my account and change the email to an address that everything was being forwarded to.

This data came from a breach of StockX (a breach they actually said was just “system updates” to cover up their own problems) and to my own fault, I was way too relaxed about my own online privacy with the same password across many of my services.

Two lessons here! #1 don’t put your trust in companies who don’t take cybersecurity seriously. And #2, don’t be an idiot like me - use different passwords for everything.

Following this, came an interesting series of events involving an attempted £250 transaction (which to Deliveroo’s credit, they stopped and permanently froze my account immediately), and eventually, the records of my URL were changed and my site went offline.

Lesson #3 GoDaddy aren’t the best with customer service or easy-to-follow guides. Rather than understanding the urgent nature of what happened and helping, response times were left at up to 72 hours per change (including 5 days to turn off two step verification - Lesson #4 don’t just rely on Google Authenticator for 2-step verification). It left everything going on for an awkwardly long time and I’ve noticed a knock-on effect to my search engine rankings because of it. If you’re looking for a URL, I’d recommend going elsewhere.

But after all of that unnecessary delay, I’m back and really need to catch up on my Black Friday editorial. So after a Fossil gen 5 smartwatch review and the 24-hour charity stream on Saturday, you won’t hear much from me until December! Sorry it’s been a while. Hopefully, it won’t happen again!

And to the hacker, whose IP address I tracked back to St. Petersburg. While I know I can’t do anything to you (and chances are this was some part of a bigger governmental plan to disrupt Western), I wanted to thank you. You’ve shown me the glaring holes of my own security online, and now everything is locked down.

Jason England

I am the freelance tech/gaming journalist, lover of dogs and pizza enthusiast. You can follow me on Twitter @MrJasonEngland.

http://stuff.tv/team/jason-england