Gilbert Wat

Writing about the intersection of Technology, Life and God. Partaking a journey to reveal the Order. 1% better every day is 37.7x better after a year.

1 minute read

This morning when I woke up and did my daily routine of checking email, two very suspicious emails showed up in my inbox.

The first email that showed someone has logged into my Instagram account in ...New Delhi

The second email was even weirder, someone has logged into my Instagram account in ... Palestine

Of course first thing first I check if it is a scam or not. It seems not be the case:

  • email is legit
  • Reset password link SSL cert is legit

I immediately check if the hackers has posted something on my behalf. After all, all I care is my reputation. Luckily there is none. What a relief. :relieved:

Of course the next move I take is to reset my password. Twice. I admit it was irrational but it made me feel … cleaner. This password cracker have violated me.

After this irrational move, it may have tended my own emotion. And my rational self came back. I was very concerned about the blast radius. How many of my personal information has been exposed? How many accounts are linked to this Instagram account and I need to take care of? Can people use those information to do harm? I went through a thorough exercise, and I concluded my personal photos, phone numbers, 2 email addresses and Facebook accounts has been compromised. Luckily I have published those information somewhere and there was nothing I was too concerned about.

It is very lucky that I always practice a good security hygience to prevent an all-out leakage of my personal information. My principles are simple:

  1. Use a password manager. My recommendation is 1Password or iCloud KeyChain. Before I subscribed to password manager, I have been reusing password since I had my first online accounts. That didn’t give me the peace of mind. So I have added a trick. I have separated different services into 3 tiers. I reused password for the same tier and I won’t put sensitive information into services in lower tier. And for banks, I have had the longest password.
  2. Everything I uploaded to facebook is considered public. This company cannot be trusted.
  3. Use a long password. For example, %4FHcdh is less secured than this-is-a-good-pwd or hack-shanghai-xijingping-winnie. Just checkout your password strength in this tool

Hope you won’t have to go through what I had this morning!

Updated:

You May Also Enjoy

The day I was humbled by a SEN student

less than 1 minute read

Last Wednesday, a group of students with special educational needs (SEN) visited our campus. They brought us their noise, excitement and fickleness. During t...

生成式苦難

less than 1 minute read

我早幾日聽到連開鎖佬都識ChatGPT,生成式AI依加真係大勢所趨。用左生成式AI咁耐,佢同平時啲軟件唔一樣,同樣嘅input,每一次都有會好唔一樣嘅output。咁嘅特性令生成式AI會有幻覺 :「hallucination」-即係會產生一啲喺現實世界根本唔存在嘅「資訊」。例如我問生成式AI「行路過英倫海峽嘅世界...

St Teresa de Avila Feast Day

less than 1 minute read

今日係大德肋撒(St Theresa de Avila)嘅feast day. 我睇佢嘅自傳真係學到野又感受好深。冒昧分享一下,有錯嘅話可以指證🙏🏻。

Choosing Kindergarten for My Son

6 minute read

Introduction I feel exceedingly pressured as I am choosing a kindergarten for my son. This is one of the first few major decisions for my son. It will have a...