After my Yahoo! and Gmail accounts got hijacked, I had to take some time off to understand what could have gone wrong with my email accounts. I always thought that I took good care of them. Alas, I don't! Here are a few things that I noticed in the last couple of days.
How difficult is it to hijack an email account?
- Sniff the network and you get hold of all data being transferred on the network
- Randomly try some passwords based on what you know about the owner of the email address
- Hijack his secondary account first and then try “forgot password” on his primary account!
What do I do to save my accounts?
- Log in only via SSL (I could still miss it once in about 500 times)
- My passwords generally have nothing to do with me or my past - one did and it got hijacked
The mistakes
- I chat from the same accounts which I use for my mail - This could be good and easy, but considering the fact that none of the chat servers support SSL in any good way, this is a potential danger to the email accounts!
- Using one insecure email account as the secondary email account to my primary account - there are a few stupid things about my primary account too - Google was stupid enough to send a password-reset mail to the secondary account without verifying anything! Well, Google probably thinks that secondary email accounts are safer and better monitored than the primary account itself
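The second mistake is a chain: whoever controls the secondary account can reset the primary one, and anything that resets through the primary follows. The sketch below is an added example, not part of the original post. It audits your own accounts for such chains; the account names and exposures are constructed sample data, and it assumes a reset mail to the recovery address is all that is needed to take an account over.

```python
from collections import deque

# Constructed sample inventory. "recovery" is where the "forgot password"
# mail is sent; "exposures" lists known weaknesses of the account itself.
ACCOUNTS = {
    "primary-mail":   {"recovery": "secondary-mail", "exposures": []},
    "secondary-mail": {"recovery": None,
                       "exposures": ["chat without SSL", "guessable password"]},
    "bank-login":     {"recovery": "primary-mail", "exposures": []},
    "archive-mail":   {"recovery": None, "exposures": []},
}

def takeover_paths(accounts):
    """Map each at-risk account to the shortest reset chain that reaches it."""
    # Reverse the recovery links: recovery address -> accounts it can reset.
    resets_via = {}
    for name, info in accounts.items():
        if info["recovery"] is not None:
            resets_via.setdefault(info["recovery"], []).append(name)
    paths, queue = {}, deque()
    # Start from every account that is exposed on its own.
    for name, info in sorted(accounts.items()):
        if info["exposures"]:
            paths[name] = [name]
            queue.append(name)
    # Breadth-first walk; the "not in paths" check also stops recovery loops.
    while queue:
        current = queue.popleft()
        for dependent in sorted(resets_via.get(current, [])):
            if dependent not in paths:
                paths[dependent] = paths[current] + [dependent]
                queue.append(dependent)
    return paths

def report(accounts):
    """One line per at-risk account, naming the weak account at the root."""
    lines = []
    for name, chain in sorted(takeover_paths(accounts).items()):
        root = chain[0]
        why = ", ".join(accounts[root]["exposures"])
        lines.append(f"{name}: at risk via {' -> '.join(chain)} ({root}: {why})")
    return lines

if __name__ == "__main__":
    for line in report(ACCOUNTS):
        print(line)
```

Any account whose chain starts at a different account is only as strong as that root, so the fix belongs at the root: harden it or stop using it as a recovery address.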
Hope to correct these mistakes in the future. But it would take time to build a new identity on the Internet.