I had just completed my morning workout when I received the following email from my buddy, Doug: “Hey, Joe. I just saw Rayban advertisements getting posted to your Instagram. I think someone got a hold of your account. Just giving you a heads up.”

Rayban ads?  That couldn’t be right.  Could it?

Then, a text message from actor Alex Mallari Jr.  Simply: “Mallozzi!  Did you get hacked?”

I was shocked.  Not by the fact that some stranger had possibly gained access to my account, but the fact that people actually follow me on Instagram closely enough to be able to discern when something is up.

Anyway, I checked my IG account and, sure enough, there were the two Rayban ads.  I was at a completely loss.  What steps did I need to take to rectify the situation?  Who should I contact?  I was about to google “What to do when your instagram account gets hacked?” when I thought – Maybe I’ll just try logging in first.

You would assume I’d no longer have access to my account.  If so, you’d be wrong.  I was able to log in, delete the offending ads, change my password, set up 2 step verification, and change my password again just to be on the safe side.

Odd, no?

When I told Akemi I’d been hacked, her response was utter disbelief: “Who would want to hack YOUR account?”

I insisted I was utterly hackable.  She seemed dubious.

Anyway, all this to say I’m counting on all of you to keep track of my various social media accounts and let me know if you notice any weirder than usual activity like ads for Rayban ads or enthusiastic praise of cilantro or ewok-related anything.


P.S. I’m thinking of restarting the long-dormant Book of the Month Club.  Who’s in?

15 thoughts on “March 6, 2021: I’ve been hacked!

  1. “Who would want to hack YOUR account?”
    I can totally understand what Akemi meant by this. LOL

  2. To be honest, I haven’t even been on my IG account in ages so for all I know it’s been completely taken over by crazy people (i.e. most people on any of Facebook’s platforms) Speaking of FB, I’m usually only on that for a minute or two a day anymore, and sometimes not even that.

    I think I would like the BotM Club again! My reading has really fallen behind the last few months and I have no excuses.

  3. Eeeek! Is nothing sacred? I hate hacking!

    I’m up for a good read. Bring on the books!

  4. Me I’m in!

    On the hacking thingo… get a techie to sort it out:

    1) Uses a separate page for the contact-feedback form rather than on the homepage
    2) Flood controls on the form page:
    – allows 5 page requests every 10 seconds
    – allows 2 submission requests every 10 minutes
    – allows only browsers that understand JavaScript (most attack scripts do not) and asks a difficult JavaScript question that browsers would easily know the answer to
    – allows 1 submission only per IP address
    – form fields are disabled if the IP address is already logged as having submitted feedback

    3) Prevent anyone accessing the feedback page using Tor or TorBrowser

    4) WordPress is a pretty lax one API stuff, that’s the gateway between your device (laptop/mobile) and the server, it’s like a security guard at the gate, checks who you are, what authority you’ve got to go where.
    Wordpress is missing a few ‘bars’ in their gate to stop common external attacks to plant stuff in your feed etc.
    Content-Security-Policy, X-Frame-Options, X-Content-Type-Options, Referrer-Policy

  5. Sorry to hear you got hacked, Joe. It’s great that you’re using 2-step authentication now. What I do for passwords generally is use the first letter of a line in song lyrics, mix in capitals, lowercase, numbers and special characters. The result is a totally random password.

  6. Count me in…. I may not be able to read all the books, but I would like to join the club and read what I can.

    Cheers, Chev

  7. That happened to me 5 weeks ago. A friend messaged me: “Irena, has your Instagram been hacked? There’s something about Pandora jewellery in your last post.” I mean … if someone hacked MY account (on which I barely post anything), so YOU are, of course, totally worthy of being hacked. 🙂 Btw, I took the same steps as you described. Let’s hope it helps.

  8. Book club ? Hmmm…..makes thinky face…..Can I shameless self-promote and recommend my debut novel A Guy, Two Girls and a Serial Killer. ? The guy in the title is August Smith. Smith leaves his home with the dream of becoming an extra in Hollywood. Instead, he becomes a pawn in a deadly game of cat and mouse. Will he survive ? Will he catch the killer ?…Dun, dun, duuuuuun.

  9. Sorry to hear your account was hacked. Been there. Unfortunately more than once.
    Was even the victim of identity theft a couple decades ago.

    These days i uses all sorts of extra protection to prevent it and stay off sites like FB.
    If it happens again you might want to look into VPN and downloading a password scrambler/generator
    to daily auto change passwords of sites you use on a regular basis.

  10. Sorry to tell you this, Joe, but Akemi is right. It’s not that your account is particularly hack-worthy, it’s just that the script kiddies (computer script rather than filming script 😛 ) are testing every IG account for common passwords.

    Multi-factor authentication is a great start. I’d also recommend using a password manager like BitWarden or 1Password to generate and remember long, complex passwords for you. And use a different password for every site!

    Definitely up for a BotM club again! My fiction reading has dropped to zero since I’m not commuting anymore and therefore not listening to audiobooks. My non-fiction reading is at its usual slow and steady rate as I tend to read physical versions of those but only for 30 minutes a day before bed. I’ve just started reading “Doctor Who: The Writer’s Tale” by Russel T. Davies which is an E-Mail/diary record of the writing and production of the 4th series of the modern era of Doctor Who. I’m not sure if I’ll actually manage to read over 300 pages of E-Mail messages interspersed with production notes and four first-draft scripts but I’ll see how far I get! https://www.goodreads.com/book/show/4015783-doctor-who

  11. Sorry you got hacked. My husband’s Facebook page was cloned (or whatever that’s called) and his Duolingo account has been hacked, which is just ridiculous. I keep telling him this is what happens when you use the same password everywhere, so he’s starting to change things up now.

    The Book of the Month Club sounds great!

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.