Millions of Americans use e-mail, often every day and all day. It's how we communicate and do business these days. Many of us have e-mail accounts through work. For those of us who don't (and even for many who do), we use free or low-cost e-mail services offered by popular sites like Hotmail, Yahoo!, and Google's Gmail.

You'd like to think that the messages you send and receive, and those you save or keep in your e-mail account are safe. Usually you're right. Recently, however, there was a security breach at Microsoft's Hotmail and other e-mail sites, which should come as a warning that your e-mail and other accounts are almost always open to a cyber-attack.

What Happened?

Microsoft, the software and Internet giant, recently confirmed that a large number of passwords belonging to some users of the company's Hotmail e-mail service were stolen. The passwords were then shown on another Web site, making them visible for the world to see. The Web site was taken down or offline, but the damage was done. Microsoft hasn't released the name of the Web site, and it hasn't given the exact number of passwords that were stolen, but it's believed that more than 10,000 accounts were affected.

Not long after Microsoft reported the breach, similar security problems were discovered with passwords to e-mail accounts at other popular sites, including Google's Gmail, Earthlink, Comcast and Yahoo.

How Did It Happen?

The multiple security breaches weren't the result of computer hackers breaking into Microsoft's computer servers where the e-mail passwords and other account information are stored. Rather, the breach was the result of a phishing scam.

What's phishing? It's a low-tech scam where someone pretends to be from your bank, e-mail provider, or some other site or business that you trust and you're tricked into giving away personal information. Bank account numbers, social security numbers, and passwords to all sorts of computer-based programs and activities are good examples of information stolen by phishers.

Protect Yourself

The security breach may threaten more than your e-mail account. Many people use the same password for more than one activity. For example, you may use the same password for your e-mail, eBay, PayPal, and online banking. If so, it's possible that the recent e-mail phishing scam exposed these passwords, too.

You should change your e-mail password immediately if your e-mail account was victimized by the recent scam. Make sure it's one that's not easily hacked. Your initials and birthday aren't good passwords, for example. Also, check your other Web accounts. Make sure no one else has been using or accessing them, and think about changing those passwords as well. If you see any suspicious activity, notify the service provider (like PayPal or your bank) immediately.

From now on, there are some things you can do to protect yourself:

  • Don't answer suspicious e-mails. Most Web sites you do business with won't ask you for personal information through an e-mail. If you get a message asking for personal information, contact the Web site by phone or by a separate message and ask if the e-mail you received is legitimate
  • Make your passwords hard to hack. It should be very hard for someone to guess your passwords. Most Web sites offer help in selecting strong passwords
  • Don't use the same password for multiple Internet activities or tools
  • Change your passwords periodically. It doesn't have to be every few days, but every few months or so is probably good security

E-mail and other Web activities can be wonderful. Using them saves us time and helps us communicate quickly and stay connected with family, friends, and co-workers. But you can't be asleep at the keyboard. Unfortunately, there are some not-so-nice people in the cyber world. You're almost always susceptible to a cyber attack. They want your information, and they'll use it if they get it. Let this recent phishing scam be a warning. Take steps to protect yourself online.

Questions for Your Attorney

  • I think someone hacked into my bank account online, but the bank said it doesn't see anything suspicious. What should I do?
  • Should I report phishing to the Federal Communications Commission (FCC)?
  • If my personal information is stolen from a Web site and my information is used by a hacker, can I sue the Web site for any money I may owe because of the hacker's identity fraud?
