CHICO, Calif. - A Chico-based professional hacker got hacked by making a common mistake. Now he has a warning.
“I came across this hack by being a victim of it, surprisingly,” said online security expert William Caput. “I was using a password that I had used on one of these sites years ago.”
Caput gets paid to test companies' online security.
Rewind to the year 2016, when Yahoo was breached. He says someone went in and stole all the emails, phone numbers and personal information associated with 57 million Yahoo users.
“They take those 57 million email addresses and compare them against stolen passwords that were found on other sites like LinkedIn," he said. "If they match up, they'll take the password and put it on the Uber account.”
"And if the password works on an Uber account, they'll sell it," he said. "So those passwords are worth, at the time I was researching it, about $3 a piece.”
Fast forward to now. Caput says he got an unsettling message.
“I got a notification that I was taking a ride on the East Coast, and I was here in Chico,” he said.
Caput says he immediately changed his password.
“Then I got the notification that someone was trying to log into my account again,” Caput said.
Caput only lost $9 because he was able to change his password and lock the thief out. While he got lucky, he says others have been scammed for hundreds of dollars. He suggests using a different password for each website and changing passwords often.