As the New York Times and others report, former US Secretary of State Colin Powell has had his personal Gmail account hacked.
26 months worth of Powell’s private email conversations, dating from June 2014 to last month have been posted online by a group calling themselves DC Leaks.
Amongst other things, the leaked emails show that Powell is not a fan of Donald Trump and has some scornful words for Hillary Clinton too.
Of course, the emails aren’t just embarrassing and damaging for the privacy of Colin Powell – they are also potentially humiliating for the people he was corresponding with, who have had their own private conversations exposed to the world.
And then I found it somewhat ironic, when flicking through some of the leaked emails, to stumble across an email Colin Powell sent Lee Fang at The Intercept, after the journalist asked if he had any idea how an email conversation between Powell and General Phil Breedlove had leaked.
“I have no idea whose account was leaked or hacked.”
Well, I guess he has more of an idea now…
So, here is my advice for Colin Powell and anyone else concerned about the security of their webmail accounts:
- Make sure that you are not using the same password on your webmail account as any other online account. Reusing passwords is as much of a sin (if not worse) than choosing an easy-to-guess password, or one that is easy to crack. If you can’t remember all of your different passwords (trust me – you can’t) then get a password manager to do the remembering for you, and protect that with a strong, hard-to-crack password.
- Enable two-step verification (2SV) on your webmail account. Here is how you do that for Google and Yahoo and Outlook. Once you have 2SV in place, hackers will need more than just your password to log into your account.
- Check that your webmail account is not forwarding messages to another account, unless you specifically asked it to.
- Check that your webmail account has not been configured to delegate access to another person who can read your emails.
- Be on the look out for phishing emails which attempt to trick you into handing over your password, and run an anti-virus to protect your PC against spyware.
- Finally, don’t tell anyone else your webmail password.
We don’t know precisely how Colin Powell’s Gmail account was hacked, but it seems likely that he was careless with his password in some fashion, and failed to have additional security measures (like 2SV) in place to prevent unauthorised parties from accessing his messages.
Read more about two-step verification:
- Two-factor authentication (2FA) versus two-step verification (2SV)
- How to better protect your Facebook account from hackers
- How to better protect your Twitter account from hackers
- How to enable two-step verification (2SV) on your WhatsApp Account
- How to protect your Amazon account with two-step verification (2SV)
- How to better protect your Google account with two-step Verification (2SV)
- How to protect your Dropbox account with two-step verification (2SV)
- How to protect your Office 365 users with multi-factor authentication
- How to protect your Microsoft account with two-step verification (2SV)
- How to better protect your Tumblr account from hackers with 2SV
- How to protect your LinkedIn account from hackers with two-step verification (2SV)
- How to protect your PayPal account with two-step verification (2SV)
- How to protect your Yahoo account with two-step verification (2SV)
- How to protect your Apple ID account against hackers
- How to better protect your Google account with two-step verification and Google Authenticator
- How to protect your Hootsuite account from hackers
- How to better protect your Instagram account with two-step verification (2SV)
- Instagram finally supports third-party 2FA apps for greater account security
- How to protect your Nintendo account from hackers with two-step verification (2SV)
- How to better protect your Roblox account from hackers with two-step verification (2SV)
Found this article interesting? Follow Graham Cluley on Twitter to read more of the exclusive content we post.