CLEVELAND — So often we're warned about changing our computer passwords and never re-using them. It probably goes in one ear and out the other. But after seeing what was found about me and Go! Anchor Dave Chudowsky, you might be driven to take action.
It started with my giving my personal email address to TrustedSec, a local computer security firm.
Managing Director Paul Sems sent me an email, pretending to be from a company I do business with. He knows how to do that because he’s what’s known as a "white hat hacker," where he shows companies how to protect themselves from outside cyber threats.
The email claimed my information may have been compromised because the company was the victim of a data breach. It asked me to click on a link to rest my password.
For the purposes of this demonstration, I did. And that’s when everything went downhill.
Sems was able to access my Gmail account and the password I use to log on to my computer, as well as my web camera, in real time.
It was to show us just how easy it is for hackers to hijack your computer and steal everything on it.
"We have you on the camera right over there,” Sems showed us. “And we can listen to your audio. We can capture all you're seeing on your screen."
He could even snap a picture of me.
It’s something a hacker could use to get a driver’s license in some states or a passport.
"Now with face ID recognition, if the facial recognition isn't that strong, you could do all sorts of things with that," Sems added.
Now you might say, ‘I'm too smart to click on a link’. But what if you're the unknowing victim of a data breach, which is likely, given nearly eight billion private records were exposed last year?
Go anchor! Dave Chudowsky agreed to play along, giving TrustedSec his personal email.
Sems pulled a quick dossier on him, finding out that Dave was the victim of six data breaches. And all of his information was for sale on the Dark Web for $750.
The Dark Web is a place you can't access with regular search engines and is a hotbed for criminal activity.
As Sems showed us, "We found out his date of birth, social security number. We found some of his phone numbers, his current address.”
He also had the models of all his cars and license plate numbers, plus all his previous addresses and all the phone numbers he’s used.
With all of this information, someone can pull his mortgage information including his signature. And with his signature, a thief can forge any document, including financial one.
"We could go ahead and get a home equity loan on your behalf without you knowing,” Sems says.
Dave says he was shocked that his signature could be used, but said, “I’m so involved in social media that I almost feel like there's kind of no way out. And you're kind of trapped.”
In some ways he’s right. If you re-use your passwords, you are setting yourself up, because once they end up for sale on a site it's game over.
“That's what the criminals do. They'll take that list as a source and then they'll go ahead, and try it programmatically against hundreds and hundreds of different websites,” Sems explains.
It’s why experts say, when you’re setting up an account and are asked for a security question like ‘where you went to school’, lie. It makes it harder for thieves to find that answer by trolling your social media or if your data has been stolen.
To protect yourself, you also want to enable multi-step authentication which is explained below.
More from Danielle Serino:
Editor's Note: The below story aired in June of 2020