How Did Hackers Get My Address Book?

By | March 3, 2012
Print pagePDF page

Cheryl wants to know how hackers who accessed her web mail account are still using her address book
I recently changed my email password (again) because hackers are invading it and sending out messages to everyone in my address book, but it is STILL happening. My question is – messages are even being sent to addresses that I actually deleted from my address book quite some time ago. Can you explain this??

Our answer
Just because you deleted your address book doesn’t mean whoever broke into your account didn’t save a copy of it. Anyone who is going to “hack” someone’s email account is certainly going to keep a copy of the addresses in the address book. If you subsequently deleted addresses from your address book, it won’t affect the copy the thieves kept. It’s very likely the first thing they did when they broke into your mail account was save a copy of your address book. They did this before you realized your account was compromised.

It’s easy to blame hackers for everything — but the number one reason people have the Web mail accounts compromised is because they use weak passwords. We can’t emphasize to you strongly enough that you can no longer rely on simple passwords. The Web has changed so much information is stored in the cloud.

Most people still use simple passwords. They use passwords that are easy for them to remember – then compound the problem by using that same password for everything. Bad idea. Passwords that you can remember easily are also easy for “hackers” to guess. Some use password crackers that can crack a 6 or 7 character common word/number-combination password in less than a second. It’s extremely important to change all of your passwords to 11 or more character/symbol/number combination, random passwords that cannot be cracked. If you had done this it is very unlikely you’d be in this predicament again.

The main reason people use simple passwords is because they have to remember them – they’re afraid they’re going to forget them. But if they used a program like Last Pass ( http://www.lastpass.com/ ) they wouldn’t have to remember them. Last Pass will generate them and remember them and even fill in the login forms.

We’re in a different era now. You can cannot relay on simple passwords. And if you use the same simple password for everything — you’re just asking for trouble. Now more than ever – everyone really needs to get a password manager, like LastPass and use it to not only store strong passwords — but to generate them as well.

Leave a Reply

Your email address will not be published. Required fields are marked *