Infosec

How Getting Hacked By My Ex Taught Me About Cybersecurity

On June 9th, 2020, I received one of the worst notifications of my life: a $1,000 transaction had been made from my PayPal account to my ex’s account. I was furious, nervous, and confused. I had recently left a turbulent relationship, determined to start a new chapter. This felt like an attempt at control, a last-ditch effort to maintain some influence over my life. Whether you’re dealing with a breakup or just trying to keep your digital life safe, learning from my experience can help you avoid a similar fate. Cybersecurity isn’t just for techies — it’s for everyone.

How It Happened

I had left that relationship because we weren’t compatible. At the time, I was at a crossroads in my career. Working as a software developer left me feeling unfulfilled, so I started live-streaming on Twitch as an outlet. I enjoyed connecting with my audience and doing tech-related things, like coding tutorials. It was clear that I needed to create an exit strategy and leave. With the money I made from Twitch, I bought streaming equipment, sent it to my family’s home, and left. I felt liberated.

One day, while preparing for a stream, I received a strange text from PayPal informing me that $1,000 had been sent to my ex. I immediately knew it was him because the recipient’s email contained his full name — he didn’t even try to disguise it. I was livid and shaken. To make matters worse, I didn’t even have $1,000 in my PayPal account.

Because PayPal couldn’t process the transaction with my own funds, they covered the amount and charged me the balance, leaving me with a $1,000 debt. This is where I have to give a shout-out to the tech community on Twitter. I vented about the situation and was transparent throughout the ordeal. Thanks to their support, an engineering manager at PayPal was able to escalate my case to “Executive Escalations.”

After countless conversations with both Bank of America and PayPal, I was finally freed from the $1,000 debt. I never found out what happened to my ex or if there were any consequences for him. In the end, it didn’t matter. I was able to move on. However, the incident taught me some important cybersecurity lessons that I want to share with you.

Cybersecurity Lessons Everyone Should Know

1. Use a Password Manager to Prevent Password Reuse

One of the most common mistakes is reusing the same password across different sites. This is a major vulnerability because if your credentials (such as your email and password) are leaked in a data breach, an attacker can access multiple accounts. At the time, I didn’t use a password manager, and it’s possible I used similar passwords on different platforms, making it easy for my ex to exploit.

Using a password manager allows you to create strong, unique passwords for every account without having to remember each one. You only need to remember the master password. I recommend BitWarden or 1Password.


2. Enable Multi-Factor Authentication (MFA)

Multi-Factor Authentication (MFA) adds an extra layer of security by requiring more than just your password to access an account. For example, when logging into Facebook with your email and password, if MFA is enabled, you may also be prompted to enter a code sent via text or an authentication app.

I wasn’t using MFA at the time, and had I enabled it, my ex wouldn’t have been able to log in with just my password and make that transaction. Enabling MFA makes it much harder for an attacker to gain access, even if they have your password.

3. Be Wary of Phishing Scams

While my situation involved someone I knew, many cyber-attacks are carried out through phishing scams. These are deceptive emails or messages that appear to be from trusted sources, like PayPal or your bank, but are designed to steal your information. Always double-check the sender’s email address and avoid clicking on suspicious links. 

Looking back, getting hacked by my ex was one of the most frustrating experiences of my life. But in the end, it taught me valuable cybersecurity lessons that I now apply to both my personal and professional life. You don’t have to be a tech expert to protect yourself — these basic steps can go a long way in keeping your digital life safe.

Thanks for reading. I now work as a cybersecurity analyst and my mission is to increase security awareness and help make the world more secure. If you’re interested in seeing more cybersecurity content from me, follow me on Twitter, LinkedIn, or read my blog!