Story Time With Mike - I Got Hacked

This is the 1st post in a series called Story Time With Mike. In these blog posts I will share a personal story involving technology that happened to me or someone I know.


In late December, I noticed an email from Skype that indicated that I had been charged $29.99. I spend about $60 per year on various Skype services so I assumed that it was time to renew something on my account.

Approximately a week later I received another email from Skype that indicated that I had been charged $49.99. This didn't sound quite right so I decided to log in to my Skype account and try to figure out what was going on.

When I logged into my Skype account I clicked on Billing & Payments and looked at my Purchase History. It showed that I purchase a total of 1200 minutes to make phone calls to Pakistan.

How could this happen? I am pretty diligent about having different passwords for my various accounts and my passwords are often 19 characters long or longer. I was perplexed at how someone could have hacked into my account.

After spending a few minutes thinking about it, I realized that the password that I had been using for the last 7+ years was a very simple password with no capital letters, symbols, or numbers. That was bad enough, but it was also the same password I used for numerous other websites years ago before I started utilizing better passwords for the websites I frequent.

I have since changed the password on many of the sites that use to share the same password with Skype. The odds are that I forgot some of the sites that shared this password and in the recent past one of those sites got hacked into. Since I used the same username (my email address) and password on a bunch of sites years ago, the hacker would try common websites like Amazon, Skype, eBay, Gmail, AOL, and Paypal with the username and password that they are now in possession to see if they can get access to my other accounts.

As soon as I discovered that my account had been compromised I immediately logged into Skype and changed my password to something much more secure. I am fortunate that whoever gained access to my account had not changed the password on the account. That would have made things a bit more challenging.

After changing my password I called my credit card company to report the fraudulent charges. They were very helpful and after about a 20 minute phone call they assured me that the charges would be removed from the account.

I feel foolish for allowing something like this to happen considering that I teach a community ed class called How To Stay Safe In A Digital World and I discuss the importance of not using the same password on multiple websites.

Fortunately, the damage was very minimal and I caught it fairly quickly. I learned my lesson and hopefully me experience will help others.

Check out my blog post Strong Passwords to learn how to create stronger passwords that are easy to remember.