Treat your password like your toothbrush. Don’t let anybody else use it, and get a new one every six months. ~Clifford Stoll, American astronomer and teacher
Okay, I’ll be the first to admit I took the lazy way out with my post on Wednesday, but as usual, there’s a perfectly logical reason.
I was up to my ears trying to resolve yet another hacking!
Say, what? You’ve got to be kidding. Didn’t that just happen?
Yes, it did, but this time, it was my LinkedIn account, and I’ve got to warn you, it wasn’t pretty.
On Jan. 29, LinkedIn notified me my account was accessed from an unfamiliar location. Wanting to make sure it was me, they suggested I sign in with a verification code and change my password.
I tried but couldn’t, even though I tended to it immediately, rather than waiting until Monday.
So I emailed them explaining the situation and asking for their help.
About two hours later, LinkedIn notified me that I’d added a new email address to my account. No, I hadn’t. Why would I add a stranger’s name to my listing?
Again, I tried to log in to change my password. Nothing. This hacker had removed my email address and made his the primary contact, thereby giving him all sorts of time to wreak havoc.
I sent LinkedIn another email for help. In fact, I sent them an email Every Single Day For Five Days until I finally heard from one of their “Trust and Security” folks.
She outlined the exact steps I’d need to take to resolve the problem — and they weren’t what you’d call easy. I had to complete a verification of identity, have it notarized, and attach it to a reply email (that, or provide documentation such as a photo ID, drivers license, passport, or some such.). Then I needed to change my password, remove the hacker’s address, and follow LinkedIn’s suggestions on account security.
Once I finally re-accessed my account, I found ALL SORTS of changes — my photo was removed, my recommendations and endorsements were gone, my business summary was deleted, and the hacker had used MY connections to promote a Mystery Shopper scam! Grrr.
You know, all of us balk at too much security, but sometimes we have to trade unlimited freedom for protection, don’t you think?
Anyway, I’m gratified to learn lots of people recognized I wasn’t the author of these missives and guessed it was a scam (thanks, friends!). And I’m slowly recreating my profile. LinkedIn doesn’t keep details like this, so I’m on my own. Gee, I wonder why I had to prove who I was, yet some bozo was able to become me quite easily??
Take-away advice: Do everything possible to protect your identity. Create strong passwords (NOT the same one for every site you visit!) Use a two-step verification process. Don’t access sensitive material on public computers. Be sure to sign out once you’re finished with a site. And for heaven’s sake, don’t think it can’t happen to you!