About Hacking

Hacking basics

Hacking is when someone gains unauthorized access to your accounts, data, or devices.

People think hackers are computer geniuses and software experts. While those skills are useful, they're not necessary or even common among hackers. Hackers are more likely to take advantage of human failures via social engineering or phishing. It's usually easier to impersonate you and trick a customer service agent than to hack into a computer by taking advantage of software bugs.

Who gets hacked

Almost half of people in the United States have been the victim of hacking-related crime, and hacking attempts grow more common every year. The consequences of being hacked range from annoying to life-changing. Sensitive personal information and trade secrets are stolen and shared. Bank accounts are emptied. Loans and credit cards are opened. Physical infrastructure is disabled.

About half of victims lose money. Trying to recover it takes hours and is often fruitless. The average loss reported to the FBI in 2021 was about $8,000, and total reported losses were $6.9 billion.

Hackers often target you because of your job. They're after valuable trade secrets, company bank accounts and credit cards, and databases of customer records. Or you might have the credentials to access a water treatment plant, or distribute software - valuable targets for rivals or malicious nation-states looking to do harm. You might think you're safe if you work at a small company, but you're actually more likely to be targeted.

How hacking works

There are many avenues for hackers to pursue. Click each heading below to learn more.

Guessing your password

It's hard to remember long, unique, secure passwords, so people tend to come up with the same ones as each other, or to reuse the same password for multiple accounts. There are lists of the most common passwords and of leaked passwords. Hackers trying to log in to your accounts will start by going through the lists. Here are the ten thousand most common, but much larger lists are available, too. An attacker can also try all the possible combinations of letters that could make a short password, so short, uncommon passwords are also insecure.

Resetting your password

To get around a strong password, a hacker might try to reset your password. Password resets usually ask you to receive an email or text message with a code or link that proves your identity, but there are usually other ways.

Often, security questions can be answered in order to gain access. These are questions like "What's your mother's maiden name?", "What city were you born in?", or "What was the name of your second-grade teacher?". The answers to many security questions are a search away if the hacker knows a little bit about you. See the example below.

If there are no security questions to answer or the hacker comes up short on answers, they can turn to customer service agents. Many companies give customer service agents access to personal information and the ability to reset passwords. Those customer service agents don't always follow secure processes. The hacker can impersonate you and take control by providing information like your name, address, phone, or part of your social security number, all readily available online.

Stealing your password or taking over your devices

A hacker might send you an email or call you to try to get you to download software that allows them to control your computer remotely. Or they might send you to a spoofed sign-in page in order to trick you into handing your credentials over to them - a phishing attack. A hacker with your name, address, and interests, all available on people-search sites for free, can pretend to be someone you know so that you trust them.

Exploiting software vulnerabilities

While social engineering is more likely to be your downfall, software exploits do exist. Some companies run out-of-date software with known bugs, so they're vulnerable to old, widely-known exploits. Your information isn't safe with them. Other companies keep their software up to date, but hackers are always looking for and finding new ways to bypass restrictions. Many bugs are reported by good-samaritan hackers, but many others are discovered and kept secret by malicious hackers, who take advantage of them for as long as possible, or sell them to the highest bidder.

How to protect yourself

Examples of hacking

Here are some examples of hacking. Click each heading below to learn more.

Guessing your password

You sign up for coolwebsite.com using your email address and the password "baseball123". A hacker knows your email address and wants access to your account, so they go through a list of the most common passwords and try each one. Eventually, they reach "baseball123", which is one of the 10,000 most common passwords. The hacker gains access to your account.

You change your password to some random characters: "1P^k". The new password doesn't show up in any lists of common passwords. The hacker tries all the common passwords and doesn't guess yours. Then, they try to brute-force your password by trying every possible combination of characters. After a few million tries (modern computers are fast and coolwebsite.com isn't limiting attempts), they manage to guess your password.

Answering your security questions

You sign up for coolwebsite.com, but this time you use the password "oZNDH8qm^pOlqCV#I5v1V0w!" and you store it in a password manager, which is also protected by its own strong password and multi-factor authentication. The password doesn't show up in any lists, and it's too long to guess. coolwebsite.com asks you to answer security questions, to be used for account recovery. The questions are "What's your mother's maiden name?", "What city were you born in?", and "What was the name of your second-grade teacher?". You answer the questions. Later, a hacker can't guess your password, so they click the button on coolwebsite.com saying "I forgot my password". The hacker is presented with your security questions and gets to work finding their answers.

The hacker only knows your email address, so to find more information about you, they go to mylife.com and search for your email address. Mylife instantly shows them your full name, age, current city, past cities, and the names of some of your relatives, all for free. The hacker sees a woman's name. She has the same last name as you, so the hacker looks her up, again on mylife. She's the right age to be your mother. The hacker finds her maiden name in the list of alternate names she uses, and now has the answer to your first security question.

The hacker guesses that the last address listed on mylife for your search result is the first city you lived in, which happens to be the city you were born in.

Now the hacker is faced with the trickiest question and needs to find the name of your second-grade teacher. They don't know exactly where you lived, since mylife only shows them city names. The hacker needs your street address. They can pay mylife for it, but there's no need. The hacker goes to thatsthem.com and searches for you using the information from mylife's free search results. They find you on thatsthem, which provides full street addresses for free. They look up the nearest school and with its name and location, they find its historic yearbooks which contain your second grade class information. The hacker has everything they need to reset your password.

You might be thinking that the hacker got pretty lucky in this example. You're right. But even if it doesn't go so smoothly, a real, dedicated hacker won't mind searching through a big list of relatives or addresses and yearbooks to find the right details.

Stealing your phone number

You sign up for coolwebsite.com with a secure password and hard-to-research security questions. You also give coolwebsite.com your phone number so that they can use it to text you a password-reset code if you ever forget your password. The hacker can't get into your account with your password or security questions. They look you up on thatsthem.com using your email address. Thatsthem provides your phone number for free. The hacker can now carry out port-out fraud.

They call up a cell phone company and say they want to sign up for service and transfer their old phone number so they don't lose it. They provide your number when asked what their old number is. They know enough of your personal information (from thatsthem and similar sites) to convince the cell company that they're really you. The cell company transfers your number to the hacker. The hacker performs a password reset via text message and has access to your account.

Taking over your devices

The hacker can't find any way to get into your coolwebsite.com account. They decide to take over your computer. They impersonate your sibling and send you an email telling you about a great new program you need to try. You're fooled, so you download the program from the hacker, and they take control of your computer. You're signed into a bunch of accounts, including coolwebsite.com, so the hacker has access.

Or if you're especially interesting, the government or someone powerful might decide that your privacy rights don't matter. They can take over your device without any interaction from you.

How EasyOptOuts can help

We opt you out of the most prominent people-search sites sharing and selling your information without your consent, to make it more difficult for hackers to discover answers to your security questions or impersonate you or the people you know. Signing up takes just a few minutes. We handle the rest!

We can't guarantee removal of all of your information, but hackers prefer easy targets, so by making your information harder to find, you can stay out of their crosshairs.