I know I have written about this topic many times before. A story I read today reminded me not to take this subject lightly.

I was just now reading a blogger’s post about how he fell for a phishing attack and the response, or lack of response, from Google.

Mark Gosh is a blogger and has a community in Orkut with a following of 25k. He fell for a phishing attack and his profile was taken over by the hackers. He also uses Gmail to store a lot of stuff. (Don’t ask me why people do this kind of silly stuff – really!) He had the same login password for both (Duh!)
He changed the login password for both his accounts. But the hackers still managed to play hell with his Orkut community. Here is why it was happening.
“The Orkut application stores cookies in such a way that if your cookie is ever recreated by someone else or transmitted to someone else, they can use that cookie to log in to Orkut as you, forever. No matter how you change your credentials, you have no recourse of regaining control. So if you ever get caught in a phishing scam that sends your password to someone else and they recreate your orkut_state cookie, they can log in as you forever.”
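
The failure described in the quote, a login cookie that keeps working after the password has been changed, is a server-side session-handling problem. The following Python is an added example, not code from Orkut, Google or the quoted post: it contrasts a verifier that accepts any correctly signed cookie with one that also checks a per-user epoch bumped on every password change and a maximum age. The cookie layout, `SERVER_KEY`, `MAX_AGE`, the `users` store and all function names are assumptions made for illustration.

```python
import hashlib
import hmac

SERVER_KEY = b"constructed-demo-key"  # constructed value, not a real secret
MAX_AGE = 3600                        # assumed cookie lifetime in seconds

# Constructed user store: "epoch" is bumped on every password change.
users = {"mark": {"epoch": 1}}

def _sign(payload: str) -> str:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest()

def issue_cookie(user: str, now: float) -> str:
    payload = f"{user}|{users[user]['epoch']}|{int(now)}"
    return f"{payload}|{_sign(payload)}"

def change_password(user: str) -> None:
    # Password hashing is omitted; the point is that the epoch moves on.
    users[user]["epoch"] += 1

def _parse(cookie: str):
    """Return (user, epoch, issued) if the signature is valid, else None."""
    try:
        user, epoch, issued, sig = cookie.split("|")
        if not hmac.compare_digest(sig, _sign(f"{user}|{epoch}|{issued}")):
            return None
        return user, int(epoch), int(issued)
    except (ValueError, TypeError):
        return None

def verify_weak(cookie: str):
    """Models the quoted behaviour: a valid signature is enough, forever."""
    parsed = _parse(cookie)
    return parsed[0] if parsed else None

def verify_hardened(cookie: str, now: float):
    parsed = _parse(cookie)
    if parsed is None:
        return None
    user, epoch, issued = parsed
    if user not in users or epoch != users[user]["epoch"]:
        return None  # cookie was issued before the last password change
    if now - issued > MAX_AGE:
        return None  # cookie is too old
    return user
```

With the hardened check, changing the password is enough to lock out anyone holding an older cookie.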

He states that in spite of ringing and emailing Orkut help and Google, he got nowhere. Looks like Google does not want to know about him. What do you do? I personally feel he got himself into this mess.

The most important rule of online activity is not to share one login password across accounts. That way you can cut your losses if something like this happens. Use long, difficult passwords and change them often. This can be a tedious job if you do it manually.

I use Roboform to generate random passwords for me in a second.
But it is also sad that big companies do not care about you when you get into a kind of soup. In the past I have had some troubles with Google, and no, they did not want to know about me.