Whom to blame if I get hacked

Story

Security Alert: Your Google account was just signed in to from a new "Linux" device. Security_alert.jpg Yeah, I got the above alert as mail yesterday but I have seen that today. What does it mean? It is saying that someone has logged into my google account and it might be me or some one who knows my password. The first thing I did when I saw this mail is expanded the "view details" option on the top. Why? Am I a mad person? No, what if this is a phishing mail and crafted similarly as google page? Then you will be landing into a phishing page and give your credentials assuming it is a legitimate Gmail page. I don't want to get trapped. Finally I did verified that the email is from Google source, opened "My Activity" and came to know that some one logged in from XYZ country. Yeah my Gmail account got hacked.

5 Stages of Grief

OK, OK it's done and I turned to follow all the stages of grief...

  1. Denial - No it's not happened
  2. Anger - It's already been two days since my account got hacked and I don't know. Which means hacker might have accessed all my bank accounts, my photos, locations and all other website accounts linked with that email. Now I'm looking for the parties in anger to know by whom this hack has happened.

    • The guys who sent me the "Bank loan, job offers, crypto trading, porn.. etc" offers every day
    • The location from where I found a "Apple" usb drive
    • The person who sat next to me and also did shoulder surfing
    • The man called be asking for OTP
    • Email provider - Who failed to secure my account.
  3. Bargaining - I tried to find all the first 4 parties, I haven't found them still.Then I started inquiring email vendor to sue them. That makes me happy at this moment. But no luck, I got a legal negative response, which is not expected.

  4. Depression - Yeah I'm feeling bad,low,depressed because its my personality which is exposed to public. Hacker even know my browsing history by which one can easily define what kind of a person Iam. I'm not private now, I have nothing to hide, what if hacker disclose everything to public? All the things which I only know will be known by everyone. Anyone can do Cyber-extortion.

  5. Acceptance - Yeah I know I got hacked, I have to come out of this. For this I started figuring out where exactly the issue is. After looking at the scenarios like Phishing mails I clicked, USB's inserted into my PC, entering passwords in Internet cafe, Telling OTP's over phone to stranger, Not maintaining strong passwords, Typing sensitive data while traveling in public train.... Any single/simple reason might turned-out to this serious issue.

WHO?

And yeah finally, It's me who failed in any one of above scenarios. May be I could have tried enabling 2FA, different/strong passwords and being alert when I get offer mails. I forgot the basic principle in life that "Nothing comes for Free, not even an email".

Yes, it's me who should be blamed for being the reason of getting my account hacked.

Impressum

RebornInfosec

I have planned this blog to express my view on Information security and will try to learn/help from/for other security minds. All views expressed here are strictly from personal view. This blog is neither an organization nor affiliated to any organization with respect to the blog posts.

Varun Kondagadapa

Hi.. Myself Varun Kondagadapa and I am Information Security Specialist having 2+ years of experience in Securing organizations. From startups to MNC I have work experience in all scales of Infra.

Write your comment…

Be the first one to comment