Ever been hacked?
Like many, I have a Yahoo email account. A while back I was having password problems -- my password kept changing (apparently) on its own and frequently I'd have to change it back so that I could access my email. I contacted Yahoo about this asking if this was "normal" to which they responded, "not really" (paraphrasing). I wasn't too concerned about the situation and just chalked it up to a glitch within the Yahoo email program until about 6 months ago when I received an email from a friend who was letting me know that the email I'd sent her (from my Yahoo email account) had been identified as having a virus associated with it. I appreciated her letting me know about the virus... the only thing was that I hadn't sent her any emails. None. Again, I didn't think too much about this until soon afterwards when a different friend mentioned an email I'd supposedly sent (from my Yahoo email account) that I (again) hadn't sent. This time I contacted Yahoo again about my email account and requested they look into the matter for me. I made sure to mention in my "request" that I am a paying Yahoo customer by way of Overture (Yahoo search engine advertising) to the tune of about $1000.00 a month just in case they were tempted to file my "request" along with the non-paying Yahoo email account holders. I don't know if mentioning this helped or not, but Yahoo did eventually respond by letting me know that they would look into the situation for me. Not only did Yahoo look, but they also found. Evidently, Yahoo has sophisticated site metering capabilities that can keep track of the IP addresses of all users who log on to their system, assuming one can provide them with specific time-frames that the hacking took place. It took Yahoo (what seemed like) forever to provide me with the IP address for the hacker who was hacking into my Yahoo email account, but provide it they did. And because I know a little about IP addresses and because I live in a very small town, I now know who hacked into my email account.
My next step was to do a little research of my own to determine whether or not email hacking is against the law or not. Check out this thread, Hack an email account, go to jail. Clearly, the laws are cracking down on email hackers and much of whether or not the hacking is considered "criminal" is dependent on what the hacker does once in your account. From what I've read, if the hacker simply looks around and then leaves, invasion of privacy, obstruction of correspondence, as well as identity theft issues are involved with penalties rivaling those of USPS snail mail laws including jail sentences of up to 5 years! However if the hacker takes information from that account with the intent of doing something with it ("harboring malicious intent"), even stiffer penalties are levied. Another factor that determines whether or not hacking is considered criminal is how the account information was obtained by the hacker. In other words, did the hacker fraudulently obtain the user name and password information for an email account? In my case, the answer to this is yes since I did not give my username and/or password to the hacker or leave it laying around in an insecure location.
Obviously, I'm not an attorney and I'm not familiar with all the legal jargon, but it doesn't take a rocket scientist to see that hacking equals jail time. My dilemma now is whether or not to press charges. The serious business-woman in me says to take all necessary steps to ensure this never happens again, and yet I'm not sure I want to see her do jail time or lose her (governmental) job. Changing passwords is clearly not enough, since this woman knows enough about me to answer the questions required to obtain new passwords. Part of what really bothers me is that she's been doing this for so long and may continue to do it unless I take serious measures.
Have any of you ever been through this or something similar?