I am "the friend". Yes, it is hard to believe that Royal has a friend, but we all pay our indulgences in different ways; mine is to be Royal's friend.
I used the same id and password for my email and three financial accounts. I knew that wasn't smart but I was lazy.
A group of hackers took control of a financial institution a few weeks ago. The website was down but the sign-in page remained up. I tried to sign in multiple times. That is how the hackers got my id and password. The hackers then started randomly using the id and password on financial institutions and major companies throughout the world. That is how they got into my email and three financial institutions.
While on vacation, another financial institution started sending me texts for password resets. I contacted them to lock down my account. This happened multiple times. I am pretty sure the hackers removed all funds from my account. I had followed up diligently with the financial company and the company was remiss. A new account was established and funds placed into the account, so I am fine but this could have ended very differently. I probably had 50+ hours tied up in getting this worked out.
The original financial institution that was hacked helped in a big way once I was able to get past the initial two levels of gatekeepers/customer service, but hackers had gotten in and sold assets to cash and were trying to get the cash out of the account. I am fortunate the account was a retirement account so the sale didn't trigger a taxable event.
The third financial account was basically empty. I haven't messed with it.
I have had my email for 25-30 years. I noticed while on vacation that some of my emails had been read that I hadn't looked at. After a couple of days, I couldn't even get into my email account. I contacted ATT but they weren't real helpful. They have three questions I had to answer.
1. What is the email address?
2. What is the name on the account?
3. What is the zip code?
The hacker changed the name on the account, even though my name was part of the email address. He also changed the zip code.
I have had the same name all my life.
I have had the same email for over 25 years.
I have had the same physical address and IP address for over 25 years.
I have had the same zip code for over 25 years.
ATT should be able to confirm this, but ATT doesn't care. I talked to 34 people with ATT for 15-15.5 hours. Basically they are saying the email is no longer mine. All my contacts are gone. Communications with family members that held family history are lost since the family members are dead. Personal info, etc. Just think what you may have on your own emails from 25+ years ago when security wasn't as big a deal. You get the idea.
The hackers tried to gain control of my phone and change the SMS. Thankfully this didn't happen or they would have had access to change all 2F identification.
2-factor identification is something I did right. If you don't use 2-factor identification then you should definitely use it. If not for 2F or SMS, I would have been out significant amounts of money, at least significant for me. Also whitelist financial accounts so funds have to age a couple of days prior to being removed.
My daughter is in town. She helped me set up a password vault. I now remember one password. The rest are auto-generated. I should be in much better shape now than I was before. I only did the main accounts, not everything I log in for. If "Wheels" goes off on AH and starts spouting more nonsense than usual, then you will know my AH account has been hacked.
Hopefully this story will encourage everyone to review their internet security and to improve it if they need to.
@sgt_zim Now that I have a password vault, what happens if there is an EMP? Do I need to keep a copy of the randomly generated passwords in a safe place somewhere or just trust that the password vault company is safe and will come back online when the rest of the internet gets back in service?