So (as many of you who know me on Twitter or FB know), Monday morning my gmail account was hacked. I woke up, tried to log in, and couldn't. I thought, of course, that this meant gmail had screwed up. But as I futzed around trying to figure out what I could do to fix this (as an aside, if you don't have an alternate e-mail address set up where Google can send you reset codes and whatnot, you have to wait TWENTY FOUR HOURS before you can get Google to address your problem), it became clear that someone had ACCESSED MY ACCOUNT AND CHANGED MY PASSWORD!
Sorry to shout, but wow, it's funny how enraged I was by this. I took a class on internet law stuff last semester, and always sort of held that people don't really have a reasonable expectation of privacy in e-mails (to be clear, I think people SHOULD have that expectation; but given that by using Google, or your employer's e-mail network, you expose the material you send to all sorts of network connections between you and the recipient, people should realize how open their content is to network providers and so on). But it's one thing to feel that if the police knock on Google's door and subpoena your e-mails, there are legal reasons for Google to hand the e-mails over. It's another thing ENTIRELY for someone to BREAK IN and STEAL your e-mails!
Anyway, not only did this person lock me out of my gmail account (for a brief time - 30-45 minutes, maybe? good thing I check e-mail obsessively), they sent a message, ostensibly from me, to EVERYONE I've EVER e-mailed, claiming that I had been robbed at gunpoint in London and was stuck with no way to get home, and needed money. I mean, this went to EVERYONE: the judge I currently work for, a judge I applied for an internship with last semester, students who graduated last year, any professor I've ever e-mailed, authors whose articles we're publishing in our law review... oh, it's just cringe-inducing. The IT guy at my school ended up sending a message to the WHOLE SCHOOL telling them not to pay any attention to the message. I had college friends I haven't talked to in person in years calling me up to find out if I was okay. Rate Your Students even posted about it (I once sent them a cranky e-mail in response to a post they made about special snowflake junior faculty).
(The funny thing? Almost everyone said they knew it couldn't actually be from me because the grammar was too bad!)
What's really galling is that the hacker also set up my account so that all my incoming mail forwarded to their e-mail address, and then went straight into the trash. Thankfully, gmail defaults to having stuff sit in the trash for 30 days, so I could pull all the messages out again. Of course, as soon as I found out my gmail had been compromised, I changed all my passwords to all my other online stuff (because I wasn't sure at first what the hacker did/didn't get access too). So all those messages went to the hacker, because I changed the passwords before realizing what they'd done.
Thankfully, most websites send messages confirming the change in password without giving the recipient any information about what the new password is or giving the recipient access to the password without further security information. But Facebook, of course, sends you a link that got forwarded to the hacker, which they followed to take over my FB account and send the message to my FB friends. So I have now been banned from Facebook. It surprises me how much this bugs me, but it does; most of my law school friends are on Facebook, and that's where I keep up with them (as I'm there under my real name, not this blog identity). I've appealed Facebook's banning, but who knows when if ever I'll hear anything from them?
It's also surprised me how much I feel like my online presence has been...defiled. I feel embarrassed about the whole thing, like it's actually my fault, when really, I think I have pretty decent security practices. I may have fallen victim to a less-than-secure wifi network through our hotel (we were in Florida when this happened, visiting my mom), but interestingly, the only problems I encountered can all be traced back to someone accessing the gmail account, (thankfully) not accessing anything else. People online have blamed weaknesses in gmail for this, and while people whose accounts have been hacked aren't always at their most calm and rational, it kind of makes sense to me.
So I'm a little bit torn now, about what to do with my gmail account. Part of me feels very suspicious of it. But most of me is swayed by my love for all things Google, and ESPECIALLY gmail. I loves me my gmail - the threaded conversations, the ease of labeling messages, the way I can just tag and archive everything to keep my inbox (relatively) clear without fear of throwing out something I needed, the access from any computer with an internet connection, and the adorable tea party theme that shows me fox ancestor ghosts playing a board game if for some reason I have to be up at 3 in the morning. I read my school e-mail through gmail because the online interface for my school e-mail is AWFUL. And I've used my gmail address for so long now that getting rid of it would be a HUGE hassle.
Okay, so, yeah, I'm probably sticking with gmail. Unless any of you have any suggestions for better, more amazing, and more secure e-mail services/programs?
How awful! I, too, rely on gmail too much to consider getting rid of it, but I did just change my password and revoke facebook's access to my gmail.
Posted by: dr four eyes | Wednesday, March 24, 2010 at 11:15 PM
I am so, SO sorry. That is just terrible!
Posted by: The History Enthusiast | Wednesday, March 24, 2010 at 11:31 PM
I've been reading this blog for awhile via tenuredradical but I did catch the "London/Gunpoint" e-mail on a particular e-mail forum. It was a bit of a scare for me given how much I rely on my gmail for immigration applications etc. Small comfort for you, but I've done the first major overhaul of my online passwords in years because of this.
Posted by: Bronwyn | Thursday, March 25, 2010 at 01:52 AM
A an old friend had this happen to him on Facebook last year sometime. I ended up in FB chat with the hacker for a brief period, until their bad grammar gave it away. Since I'm friends with a lot of his friends, I posted something on facebook saying it was a scheme -- and the hacker argued with me there too.
Finally, his girlfriend saw what was going on and confirmed my friend was in Omaha, not London.
Posted by: Patty Steck | Thursday, March 25, 2010 at 02:45 AM
Heh. Well, that explains the FB chat you sent me but didn't respond to. I thought you'd started a chat with the wrong person, but then I thought she wouldn't just leave me hanging, she'd say, oops, sorry, meant to chat with the other Laura.
I've been lucky enough never to have had this happen. You're probably dealing with pranksters for the most part, but still, scary.
Posted by: Laura | Thursday, March 25, 2010 at 06:15 AM
No suggestions, but what a headache! I'm sorry you've had to deal with this. (I did think it was kind of funny that you made Rate Your Students.)
Posted by: Dame Eleanor Hull | Thursday, March 25, 2010 at 07:24 AM
Oh, geez, that sucks! The same thing happened to a friend of mine about three weeks ago, sans the FB component. So sorry to hear it, and I hope things get straightened out soon. In the meantime, I know it's a huge headache.
Posted by: What Now? | Thursday, March 25, 2010 at 07:48 AM
Arg that's incredibly frustrating. I'm sorry you had to go through that - I can hardly fathom a life sans gmail.
Posted by: idwsj | Thursday, March 25, 2010 at 08:01 AM
Oh god, NK - that's horrible! I'm glad you got it straightened out eventually, but that's hideous...
Hope FB gets on board as well.
Posted by: medieval woman | Thursday, March 25, 2010 at 08:24 AM
I'm so sorry this happened to you but thanks for posting it as a sort of reminder to take internet security seriously. I'd also be really upset about losing FB, as much as I'd like to think that's irrational.
Posted by: ianqui | Thursday, March 25, 2010 at 08:43 AM
Did you see my tweet the other day about the brand new Gmail hack detection tool? If not, let me know and I'll send you the link again.
As for Facebook, here's a similar story from the UK, "Help, I've been booted off of Facebook" (and how she got back on with some media assistance) -- http://technology.timesonline.co.uk/tol/news/tech_and_web/article7064227.ece
Posted by: Janice | Thursday, March 25, 2010 at 08:47 AM
Oh, dear. This happened to my sister last year, and it's a total pain. And they got her whole email address book, which had work as well as personal contacts. I can see how you feel defiled.
Posted by: Susan | Thursday, March 25, 2010 at 04:24 PM
OMG! This is horrible! Maybe I shouldn't be shocked, but honestly, I am appalled that this could happen so quickly and that the message could be send out to everyone. I hope you can get facebook to lift their ban on you--I couldn't deal with that either.
I don't even know what to say, except this really sucks. (And I've been thinking about switching to a gmail account myself....not sure now if I will ever do that).
I heard of something like this happening recently on facebook--and the hacker posted really mean messages on all of the person's friends' walls. But the friends knew that it couldn't be from the actual sender (he's not a mean person!)
Anyway, best of luck in trying to deal with this...
Posted by: helenesch | Thursday, March 25, 2010 at 09:10 PM
I'm sorry you're dealing with this. It sounds like the most exquisitely elaborate pain in the arse.
This scam has been going on awhile and is particularly virulent on Facebook. It's been fairly well publicized, and people may soon be as aware of it as we are with 419 scams. The point is: I don't think you should be embarrassed at all that your professional contacts were contacted.
Oh, and I've got the tea house theme on my GMail, too. So cute.
Good luck cleaning this mess up. I'm indignant for you!
Posted by: Lucky Jane | Friday, March 26, 2010 at 07:38 AM
Oh, how terrible.
In general, "secure" e-mail is as secure as the password you choose to use, so switching services is unlikely to make you safer.
Posted by: Sharon | Saturday, March 27, 2010 at 12:57 AM
So sorry - this is no fun at all but thanks for sharing so the rest of us could keep this in mind
Posted by: KellyinKansas | Saturday, March 27, 2010 at 08:35 AM
Oh man, I had no idea it had spread from your Gmail account to FB. That really sucks!
So sorry! What a pain.
Posted by: Dr. Virago | Saturday, March 27, 2010 at 03:23 PM
Thanks, everyone! (Laura, I'm so sorry about the FB chat!) I'm glad if this helped anyone think more about their passwords and online security. Fingers crossed, I don't think there have been any serious consequences (yet), but still, it was a HUGE hassle!
Posted by: New Kid on the Hallway | Saturday, March 27, 2010 at 08:21 PM
Ugh, that sucks! I'm so sorry!
It's definitely not just you though -- I've received that same message from two friends this week (well, the hacker posing as my friends), both of which were through gmail. It's definitely something having to do with gmail's security and it's still happening!
Posted by: comebacknikki | Saturday, March 27, 2010 at 09:42 PM