Hacked.
In all of my years on this earth, I never thought I was important enough to ever catch the attention of a hacker and become a victim of hacking. I am almost 35, a wife, a mother, a business owner and to be honest it isn’t very exciting. I have built a business over the last eight years that has grown into a tiny company which has allowed me to continue to grow as an artist and provide beautiful photography to my customers in the meantime. So why on earth was I targeted by someone and put through literal hell since the end of December 2015?
Let me back up a little bit to when I was first hacked.
Over New Years of 2015/2016, it was my first indication that my hosting platform had been hacked by someone. I was contacted by customers who were being charged by my company through Stripe for an absurd amount of money – all in American Currency (which is quite the exchange rate when all of this is happening in Canada). I was able to contact Stripe and have that worked out. I was unaware however that my HostGator account had also been hacked and I discovered that when I checked my credit card statement and had over $4000 in fraudulent charges brought against myself. I again had to contact HostGator where I was told that I was responsible for those charges and when I argued the charges, they confirmed that my IP address was NOT the address that was used by the hacker to abuse my account and order what they did. HostGator was asked at that point by myself if there was anything else that could happen and they didn’t answer me one way or another, so it was left.
Prior to finding out about the hack and the extra charges, it is also important to note that I had been sent a Domain Transfer Request that I had contacted HostGator about and was told twice not to be concerned about it – once on the phone and once through a chat session that I didn’t need to worry about it because it was locked and that I should just ignore the message. That bit of advice was the stupidest thing I have ever followed and if I could go back and reverse it, I definitely would.
It was around the 3rd week in February, and I was just starting to get going on the day’s editing when I received a message through my First Blush Photography Facebook business page. Not wanting a potential customer to have to wait; I zoomed over to the message and took a look at it not believing what I was seeing. An account by the moniker “James Huge” had gone to my website and screenshot my logo as well as one of my family images and created a fake Facebook profile from it. The person responsible for this told me to go look up the WHOIS information regarding my website www.firstblushphotography.com (which is currently on lockdown through ICANN), and when I went to look, I saw that the information had not only been changed but also was hidden from the public. Over the next day or so that one profile was removed by Facebook for being fake and unfortunately it was replaced by another one by the name of “Ogal Rebels.” This person messaged me stating that they wanted to give me the opportunity to buy back my domain – but not to do “anything stupid” in the process.
I went directly to Hostgator where I explained my situation and was placed in contact with a Senior staff member who began working right away with the company that my domain was transferred to (Namecheap.com) as well as eNom and ICANN to try and get this situation sorted out. In the meantime, the person who hacked me had pointed my domain away from my webpage, and towards a bitcoin company where s/he was trying to sell it for $200.00USD. Through many emails, my website was finally directed towards a blank page through Namecheap.com where at the very least I am not at risk of having it auctioned off directly through Bitcoin companies.
The next hit came at the end of February when just after dinner I grabbed my MacBook and decided to do a little blogging after dinner, and I saw this weird gray screen, and it was asking for a password. I had no idea what was going on, but after a quick peek at the iPads in the house (which were also locked), I started to panic. WHY WAS EVERYTHING LOCKED???? I called Apple Support right away, and it turns out that the person who hacked me also hacked into my iCloud account and had accessed my Find My iPhone feature on all of our Apple items in the house and had set them to lost mode so that they were completely locked down. The most entertaining part of all of this (I say entertaining in the most crudest of ways) – they called into Apple directly with my laptop information and managed to socially hack my account. I have NO IDEA to this day how they got my laptop information – this is a relatively brand new machine (I bought it in 2015) and at some point they had to be able to access my serial number of it as well as my actual key strokes or screen shots (there is a TON of malicious software that Mac’s are vulnerable to (don’t believe the hype for a second that Mac’s don’t get ‘sick’). What is disheartening and confusing though is that I had security on my computer and NOTHING – malware or virus was ever picked up by it. I have never ruled out a network hack, but at the end of the day, it is still a mystery and still extremely concerning.
Where we are at now after being hacked.
While many people would have thrown in the towel by now, I just cannot do that. Photography is something that I love and something that gives me purpose. I am a record keeper, an artist and most importantly someone who truly embraces the lifestyle of photography and to give that up because someone found a way to extort a weakness and used it to try to destroy my business and cause me a fair amount of distress and expense to get back what never should have been taken from me in the first place.
So as it stands at the moment my business name, domain and oldest child – First Blush Photography is now defunct. In all honesty I do predict that it will be returned to me considering the amount of information that I had provided to HostGator including my history with my account as well as the emails and discussions regarding the domain transfer and documents going back to 2008 when I first registered the domain as brand new in both the .com and the .ca world. The question is though, how long will it take for me to get it back? In my research I can expect that it will be much too long to stay out of business so I decided to start over with a new business name and new social media accounts which have been relatively painful as my Facebook business account was over 3000 followers as well my Instagram account was around 1000 followers so while starting over has not been very pleasant, I felt it was necessary for brand continuity, as well, the opportunity to start fresh is something that isn’t afforded to most business’ as they begin to make a name for themselves, so I have decided to embrace this and do the best that I can to move forward and create a healthy environment to really showcase the brand that evolved from First Blush Photography since 2007 (prior to branding) and now will be found at Suzanne Taylor Photography.
Suzanne Taylor Photography – my new name and brand.
Suzanne Taylor Photography is a name that was born out of a lot of consultation on Facebook and with the very important people in my life who have a stake in the things that affect me. Many different names were considered during the few weeks where I decided that this was going to happen and many people gave me really awesome feedback on the options I presented to them. I really considered keeping my brand and just branding under www.firstblushfineartphotography.com but again, having the opportunity to start fresh because very important to me based on the reasons I was even considering this so finally I bit the bullet and went with Suzanne Taylor Photography and I will list all of my new social media at the end if you want to update your social media contacts for my business.
I am planning to continue to specialize in Children’s Fine Art Portraiture and will also offer all other photography styles as well (as I always have) such as Engagement/Wedding, Newborn and Baby, Family and other styles as requested from the most important customers in the world to me – my customers.
I didn’t want to make this an excessively long blog post – if it is too long to read you know you won’t read it, so I hope that I have done one very important thing: made you aware that this can happen to you. I have no idea how this happened, why it happened or what the outcome will be for my business. I am not important in the world of photography – I don’t have 50K followers, I don’t make a lot of money doing this for a living, I don’t have any commercial jobs (though I would really love one if anyone out there is looking for a pretty decent photographer) and I am really honestly just like you.
Protecting Yourself.
I can’t tell you exactly how to protect yourself from something like this, but as I research it more, I will update my blog and try to connect some good resources to it in case you find yourself in this position one day.
- Passwords: I cannot stress enough the importance of SUPER STRONG and CRYPTIC passwords to prevent being hacked. Even as it was my iCloud account had a 22 character password with uppercase, lowercase, numerals and special characters but it wasn’t enough obviously – so change it frequently and keep it strong. I used to have a 3 strong passwords for everything…now I have separate, incredibly long and difficult passwords for everything and while it isn’t easy to log in anymore to everything, that is the point.
- Backups: Please backup ALL of your files. Not just some of your files, but every single one for your website, your files on your website and all of the information needed to recreate your site and your digital life if necessary. We take for granted how much of our lives are digital now and how we would cope if those things were gone.
- WHOIS Information: I am 99% sure this is likely where the issue began way back after thinking about it for the last couple of months. I started my website in 2008 and was working full time as a Child Protection Worker and only did a handful of sessions the whole year. My site was hardly amazing – it was very plain, and it was there only because I thought I should have one. I didn’t understand the questions it was asking me when I registered for my website, and my registration wasn’t blocked. This is frustrating to me living in Canada because blocking is done automatically with .ca addresses and I think I just never noticed and lived in ignorant bliss.
- Double Verification: I had no idea what Double Verification was up until about a month ago. Essentially your passwords are tied to a code that you get to your phone each time you try to log in. I have done extensive research on this and while there ARE way’s for hackers to get around this if they are super determined I would like to think that it would keep the majority of basic hackers out unless they gain access to your phone number and accounts through another means.
- Social Hacking: This is that other means I just prefaced. Social hacking is terrifying, and the long of the short is that hackers collected personal information over a period and then contact the business/etc. That they are trying to gain access to and either pretend to be you or someone who knows you desperate for the info – like a spouse, sibling, etc. They have excellent scripts, play tracks of babies crying in the background and put the person on the other end of the phone in a very difficult position where they likely cave. They provide the login info, password reset request, etc. and then you’re compromised. While changing some of my accounts around I have been SHOCKED at how easy it has been with a handful of them to just over chat ask them to reset my password because I was hacked and voila – done. It has made me question doing business with many of these businesses frankly because they lack the internal policies needed to keep personal information safe. Make sure that all double verification is complete and together before you start dealing with a new or old company. Go now and activate them and if you think its an inconvenience it is – deal with it.
- Key Loggers: I have no idea how the Hacker(s) received so much information about me and my computer. Did I click on a link? No idea – this would have been way back in November I would guess as they had my laptop serial number and called into Apple directly to make these switches (talk about a security flaw). I have no idea what they said to them, but I was hacked within 48 hours of changing my iCloud login information, and then they double verified my account to them – creating an even larger mess. A keylogger makes the most sense. However, I had no detectable virus or malware on my computer and had an Apple Senior Advisor go through my computer remotely to see if they could see anything, and they did not.
- Website Security: If you own a website, PLEASE invest in security for it. There are hundreds of fantastic security companies out there that can cost as little as $10 a month. Currently, my website has blacklisted every country except North America as I was receiving threat notification’s daily from all around the world with multiple hack attempts. As I satisfy customers only in North America, it didn’t seem necessary at the moment to have my website left vulnerable for the world to access it for harmful purposes. Consider limiting your site reach if you don’t sell internationally.
- Network Hack: Lastly, this could have been accomplished by hacking my computer network – I have no idea if this is possible (I am sure it is – just today the FBI admitted that hackers cracked the iPhone that they were suing Apple over regarding information). It could be an exploit but again – I am not sure. Just make sure that your internet password on your router is long and complicated.
I am not a security expert, and I am certainly not advising in this post – I am only bringing forward areas of security that you should make yourself aware of to keep your digital information safer as I have heard more about hacking and security breaches in the last month then I have ever before. Please make sure that you take the appropriate steps to be secure – it’s your responsibility and only your responsibility.
What is next?
Like I started off, I never in a million years thought I would be a target of a hacker. I don’t have a vast income from photography, I have won a lot of awards – but nothing excessively notable that would gain the attraction of evil people (nothing with substantial cash prizes), and I am not a celebrity anywhere in this world. There is very little to gain except the satisfaction of the Hacker that they have destroyed something that I have worked years on and that I spent a lot of time and countless hours to grow into what it is.
Please keep your information safe and don’t take your security for granted. It will catch up with you if you do and really – you don’t to be hacked.
Suzanne
***
Social Media
You can find me here as I begin to rebuild a new and improved brand with all the talent that First Blush Photography crafted.
www.suzannetaylorphotography.com
www.facebook.com/suzannetaylorphotography
www.linkedin.com/in/suzannetaylorphotography
Suzanne Taylor - Good to hear Natalie!
Natalie Balen-Cinelli - read this through and through – thank you again. all my emails are now double verified at the very least :/
Nikki Harrison - So sorry to hear this happened to you – so brutal!
Tina Brenner - So sorry to hear that has happened to you. Thank you for making me more aware!
How long until you're a hacked photographer? | Red Deer Photographer - […] I am not going to rehash the full story of being a hacked photographer as I wrote out the whole event after it happened that you can link to HERE. […]
Red Deer Dance Photography | Suzanne Taylor Photography - […] corrupt, etc. and all of that is gone. I learned when I was hacked a year and a half ago (read THIS BLOG POST) that you ALWAYS need backups of your photography, but a hard printed copy is ultimately the best […]