Thursday, May 27, 2010

Cloud Crisis, case closed

I am taking very deep inhalations to calm myself so I can write about this. Strangely I can be more calm than usual when bad fortune struck than good times. What had just happened is really nasty, yet wholly preventable if I had taken the basic precautions.

I got home fairly early today, after tea I turned on my computer to play some Portal. I checked my email before I started the game and it was all fine, business as usual.

So I spent one hour clearing half of the advanced test chambers, got a bit tired of flinging myself across air through portals so I quit the game. Looks like I have 1 new message from Carnegie-Mellon University, staple auto-reply, okay.....WAIT, WHAT, I was in correspondence with CMU this time last year! Second look into my inbox proved to be more surreal, this ghost message is the only thing in my inbox?!

After the initial disbelief it soon become apparent that my mail account has been hacked as mom came into my room asking why have I sent her some dodgy advertising for iPads. Shortly after several failed delivery notice popped in, all pointing to address that happened to be on my contact list. I googled the spam content and found that I am not the first victim, the exactly same deal has happened to several hotmail users since 2009: all contacts spammed, then the account is flushed. Judging from experience, the hacker probably did it through Yahoo!Messenger which had little protection against brute force attacks, the fact that I used a shortish, numeral only password did not help to make it any harder for them.

I have always been uneasy about computing in cloud and this is one of the few ways in which things that can go wrong. Hyper-Ironically, this happened after I tightened security following an incident not long ago(One minor fight with Miranda, blocked her on MSN, she logged into my account since she knows my password /facepalm so she can check if I had gone offline or blocked her). The webmail account in concern is the only one that I had neglected to secure, and this is what I ended up with.

Despite my long history of helping people recover their lost files, I am not used to catastrophic data loss when it happens to myself. In short, all the mail since 2005 has been lost, most of them had no back up. Some survived in separate folders however the majority I did not have time to sort through. In trying to make light of a bad situation, nothing really critical is involved, except all my trademe records and some emails of sentimental value. Since it all happened in less than an hour it is most likely they simply deleted all the messages instead of getting hold of them.

Action: Contacted Yahoo!Xtra support to recover my data, hope they have a decent backup plan. To be extra vigilant over the next few months in case someone had access to my personal information. (That is, they downloaded and went through 3000+ emails in four different languages)
Remedy: I have changed some passwords, did a full virus scan just to be on the safe side. I wish I could warn others however with my entire contact list up in the air it is not going to be possible.
The lessons learned: never have a false sense of security, and back up your important data as diligently as you may.
I am not too upset, since it comes as an important wake up call to something that I could have carried on to overlook and have more serious consequences later. As of the moment, I am off to take a shower and drug myself to sleep so I can stop worrying about it.

Update 1: I had been an ardent user of dedicated mail clients, however since I was given my first laptop I had some trouble because it is too much hassle to synchronise two computers (Using Outlook Express did not help either). Around the same time yahoo introduced a better interactive webmail interface so good that I never looked back. I have tried to download and back up a couple of times but the nature of POP3 made it very difficult not to end up with many redundant copies once you have more than 1000 items. So the mailbox had not been well duplicated in five years, my bad.

Update 2: Managed to scramble back my address book, but all the archived mail are truely gone for good:(