- Google found some suspicious activity in the Gmail account that's associated with the Blogger account, which is Judy's (she rarely uses it). Google promptly shut the account down, which is a good thing.
- When Judy logged in to Blogger to publish some comments, the system informed her that she had no access. A quick Google (yes, always) search informed her of the Gmail security issue.
- She logged into her Gmail account, verified her identity by receiving an activation code via text message, and Google quickly restored access to all associated services (Picasa, Google profile, etc.) That is: everything but the blog.
- While we had backup files, that didn't do us any good, as Google was not giving anyone access to the blog -- neither to the owner nor to readers.
- After Thomas communicated with the Google folks via the online forums and asked them to restore access to the blog, it was done within a day -- sometimes it just takes a while for all the information to be re-linked to your account.
Here's what we learned:
- Add a second user to the blog. We've now added Thomas as an administrator to our blog. If the Gmail account gets hacked again, Thomas will have access and the blog won't be owner-less in cyberspace.
- This all happened because Judy's Gmail password was weak. Bad Judy: she uses the highly sophisticated password database Keepass (we wrote about it here), but her old Gmail password was too easy to guess. Easy lesson: use difficult passwords with special characters and numbers. Keepass automatically generates complex passwords.
We are generally very happy with Blogger, but also use Wordpress for other blogs and websites. For now, the issue was user mistake (weak password) combined with a smart hacker with a smartphone in Brasil (who sent out some drug-related e-mails on Judy's behalf). We are incredibly grateful it's been resolved. We wanted to share what we learned so it doesn't happen to you.
6 comments:
Thanks for giving us a summary of your lessons learned from this harrowing episode. It would be heartbreaking to see all that work, as well as all the good conversations that results, disappear.
I think another thing important to say is that bloggers should also create their OWN backup of their blogs. It is fairly easy to export all the data, including comments, to an XML file. Both Blogger and WordPress offer this option on their dashboards. I do this manually for some of my blogs and for others, I have automated it, so both are possible. This preserves the content, which is, in the end, the most important.
Thanks again for sharing your story on this with us, and glad it turned out okay in the end!
Thanks for the info! I had backed up my blog as soon as I read about your demise on Twitter - something I had not even thought about doing, although I do it for everything else work-related.
I work with two different e-mails on my blog, so if one should get hacked (which I hope will never happen!), I'll still be able to access it with the other account.
I'm happy that everything turned out well in the end. But it shows once again how important it is to create secure passwords.
Thanks for sharing your story.
What an awful experience! Thanks for sharing it as dealing with Google support can be a challenge. We're just getting our own language and translation blog off the ground. I'd love to hear more about why you ended up sticking with Blogger instead of moving to Wordpress.
As blogger doesn’t have inbuilt feature for sheduled backup you could use http://blogbackupr.com for this purpose.
blogbackupr has also a one click restore functionality. It automatically backups your post articles, comments and categories.
I've added this and some other blogs to Blogbackupr and it seems to be an easy and reliable service.
A very responsible warning!
Glad to have you back.
Post a Comment