Hard Lesson: Your ‘Friends’ Might Hack You Too

We sure didn’t see this one coming. Turns out, our teenage son’s password (and our bank account) recently got hacked—by a friend.

Seems the theft was pretty simple to pull off. The culprit—a frequent visitor to our home—simply looked over my son’s shoulder as he typed in his iTunes password. Then, for the next six months the “friend” proceeded to download nearly four hundred dollars in songs, video games, and apps. We didn’t notice the twenty dollars here or the five dollars there until recently when he got greedier spent $35 in downloads in one day.

It took us several days of contacting iTunes, working with our bank and interrogating our own kids before we figured it out. The most surprised person: my son. The betryal stung his trust and taught us:  A) how easy it is to get someone’s password B) the reality that we are not as secure as we thought we were C) that online security applies to every aspect of your life—even your circle of friends.

All are great but tough lessons for a  teenager (and his parents) to learn.

Could security software have caught the theft? Not likely. However, holding the reigns of our personal information more tightly could have helped us avoid this inside hack job.

We agreed to:

1)    Routinely change all passwords

2)    Never share our password with anyone—even good friends

3)    Type our passwords in private–even it feels awkward or offends a friend in the room

Hackers have developed tools to get at your personal data that are openly shared (and even celebrated in their community) all over the web. In describing various tools, it’s easy to find phrases like “When you need to brute force crack a remote authentication service, [tool X] is often the tool of choice. It can perform rapid dictionary attacks against more then 30 protocols, including telnet, ftp, http, https, smb, several databases, and much more.”

It’s pretty scary to learn that hackers make it sport and even compete to find creative ways to breech your personal security, which is a reality we need to teach our kids.

Some quick password reminders to share with your family:

  • When creating a password, don’t use a word found in the dictionary or any personal information such as your name, birth date, pet’s name, or the street you live on.
  • And, don’t use any of the above words with a number after it like MaryFrances1 because hackers know many logins require a word and at least one number.
  • Never use keyboard sequences like “asdfghjk” or “67890”
  • Never use sequential numbers or letters like “123456″ or “abcdefg”
  • Mix special characters and numbers in addition to letters when creating a password.
  • Never use the last 4 digits of your social security number.
  • Don’t use obvious words like “password,” “letmein” “god” or “love.” Hackers attempt to think like the average Joe.
  • Use a different password for each site or app you use. Change out your passwords regularly, especially those on very private accounts—especially banking sites.
  • Use a password generator and keep your passwords on file in a secure password manager.


Leave a Reply