Luke Seabach, sophomore game design major, started creating and uploading videos to YouTube when he was in seventh grade. Eight years later, he has an online following and thousands of subscribers. On Nov. 28, all of his content and hard-earned money was taken away from him within hours because of an online hacker.
“I’ve reached a point where I’ve gotten fans. I have an audience,” Seabach said. “I could drop out of school right now and make a living off of this. Because of that audience, people love you and people hate you.”
The hacking started with Twitter. The hacker tweeted at Seabach, “dope social security number.”
“There’s only one way he would know my social, and that is if he hacked my Skype and got it from my W9 work form,” Seabach said.
Seabach did not believe the tweet at first and just blocked the account on Twitter. An hour later, all of his online passwords were changed. Seabach changed them all back to get into his accounts. The hacker went on Seabach’s accounts, unblocked himself and made Seabach follow him so that the he could private message Seabach.
The hacker asked Seabach for $500 or he would leak his social security number. Seabach did not respond to the message.
“I did not want to feed into this. I’m sure he hacks 40 people a day,” he said.
The hacker proceeded to take over Seabach’s Skype, social security, Gmail accounts and Dropbox. He also hacked PayPal and Chase and took all of Seabach’s savings.
“He hacked everything, just for the sole reason of wanting an audience,” Seabach said.
Seabach went straight to the Department of Public Safety, the Hamden police department and the police in his hometown of Greenwich, New Jersey. The police opened an investigation after Seabach gave them all the details. Since opening an investigation, Seabach froze his bank accounts and created new names for all social media accounts. He changed his Facebook name and plans to keep it that way until things calm down.
“It sucks because it is eight years of doing YouTube, it’s just gone,” Seabach said. “Eight years I can’t get back. My job is gone, my money all gone. It’s a really shitty situation, but I took it as a learning experience. It’s just internet stuff, it doesn’t really matter. The worst part is that I lost complete contact with my clients.”
Seabach also posted on Reddit asking people for advice on what to do after the hack.
“I got a lot of good responses,” Seabach said. “Make your passwords 25 characters long, my old password was 13. I would make my passwords by looking around the room and naming inanimate objects. For example, ‘plastic chair,’ and then a number after. I set up full security on everything. New passwords and new emails for everything. Set up Google Sync, if a hacker
guesses your password they have to put in another passwords to access the accounts.”
Brian Kelly, information security officer, supports the university’s commitment to teaching and collaboration by safeguarding information assets against unauthorized use, disclosure, modification, damage or loss, according to the QU website.
“Our students, faculty and staff are constantly being targeted by hackers and cybercriminals,” Kelly said. “The most prevalent type of attack is via email and called ‘phishing,’ this is where the hackers send you an email pretending to be from Facebook, or UPS or your credit card company trying to trick you into clicking a link perhaps to an infected website or to simply trick you into logging into a fake Facebook or Gmail account with your user ID and password.”
Although these types of cases do not happen that often, in some cases, such as Seabach’s, information security works with local or federal law enforcement to assist students, according to Kelly.
When a student gets hacked and comes to information security with a problem with their Quinnipiac account, Kelly helps reset the password and scan their laptops for malicious software, in cases the impacted accounts are non-QU (Facebook, Twitter, etc.), he can help direct to contacts at those sites.
Kelly provided professional advice for students to avoid getting hacked. He recommends students to take the information awareness course on Blackboard, under “My Organizations.”
“It is important to make sure that the operating system and applications on the laptops, phones and tablets are the most current version and are patched, this applies to both Macs and PCs, iPhones and Androids,” Kelly said.
Kelly emphasizes for students to always feel that they can email or call the information security office with questions.
“If there is something you are unsure of, it’s better to be safe than sorry,” he said.