<p>Twice now I’ve had my email account hacked and used to send out spam to everyone in my address book. Both times happened shortly after I’d stayed at hotels and read my emails there. </p>
<p>The latest which happened this morning is two weeks after a hotel stay in which I used both the computer monitors in the lobby and also used my iPad in the room using a network based off my H’s smart phone. </p>
<p>Is there any connection or is this just a coincidence? All I have to do (I think) is change the email password, which I’ve done. But I don’t like my friends getting junk email with my address on it.</p>
<p>It certainly could be. If a device isn’t secured, then someone could put a keylogger on it and send credential back to a server for hacking email accounts.</p>
<p>In general, I avoid public internet terminals. Preferences, in order of increasing security:</p>
<ul>
<li>My own device with encrypted access to a mail server over public WiFi. The danger is that the network is compromised</li>
<li>My own device with VPN access to a secure network over public WiFi.</li>
<li>My own device with its own network access over cellular.</li>
<li>My own device with VPN access to a secure network over my own cellular device.</li>
</ul>
<p>I did use the public computers in the hotel lobby. I think it’s ridiculous that a hotel will charge 12.99 per day for wifi in the rooms. (The roadside motels have free wifi, the more expensive places charge). I am always careful to log out. The computers at this Sheraton said that they scrubbed all information when a person signed out. </p>
<p>It’s this type of thing that makes me too nervous to access my banking information from a public computer terminal. I never do that.</p>
<p>The WiFi in hotel rooms that they charge for isn’t necessarily secure either.</p>
<p>It is odd that lower-priced hotels tend to provide free WiFi while the more expensive ones charge for it.</p>
<p>The problem isn’t the scrubbing - it’s that a “customer” might install malware that isn’t affected by the cleanup process. Sometimes going with a minimal data plan on a tablet like the iPad, iPad Mini or Nexus 7 is a good way to maintain email or other network access if you choose not to have a data plan on your phone.</p>
<p>Sounds like your hotel needs to perform a scan of its public terminals. Incidents like those you describe are the reason why I use hotel terminals to surf the web only, and not check my email accounts. There was the notorious incident at one of the franchised copy centers in Manhattan a few years ago wherein a perpetrator secretly installed spyware on the public terminals, allowing him not only to read your files but to actually operate your computer remotely. Scary.</p>
<p>When you do email, either from your device or the PC in the lobby, make sure it’s an HTTPS session in the URL or Address line where you enter your email provider’s address - i.e. that it has the ‘S’ on the end of it (HTTPS as opposed to HTTP) and that the little lock symbol appears in the browser. This will encrypt the session so that even if it’s over a public wireless connection and someone is sniffing the traffic, they won’t be able to know your user/password. The popular browser based email providers support HTTPS.</p>
<p>If you use the PC in the lobby, it’s always possible that someone put ‘key logger’ software on it to capture all of your keystrokes and thus determine your user/password. You shouldn’t really trust a hotel PC.</p>
<p>Beware if someone hacks your email since in addition to sending random messages to people, which really isn’t that harmful, they could use it to reset your passwords on your bank accounts if you bank online, and other accounts, like Amazon, etc. and then set a new password and then get into those accounts. This is the biggest danger.</p>
<p>However, if all that’s happening is that your account is sending out spam, it probably doesn’t have anything to do with someone truly hacking your email and rather, is a virus due to you opening email attachments you shouldn’t have opened - like the kind women love to send to each other - all the self-help and joke ones they forward around to each other.</p>
<p>Is your email account actually being used or is your name being used? The former is a big problem but the latter is hard to prevent. I used to get spam from myself, meaning email sent to me by an account pretending to be me. It wasn’t sent from my account.</p>
AFAIK - Not in a practical way that a routine hacker can break it. What exactly do you mean by this? That a hacker can easily hack it? I don’t think that’s the case and neither do banks, governments, merchandisers, etc., all of whom depend on it.</p>
<p>^^ From what I’ve been reading it looks like that potential vulnerability has been addressed - i.e. it’s no longer a threat but I’m reading more about it.</p>
<p>Certainly I wouldn’t characterize it as ‘cracked’ though which would imply it’s cracked open, which it wasn’t.</p>
<p>It seems to me that it is a vulnerability and the type that can be addressed on the server-side but companies can take their sweet time upgrading their software to safe levels. This is how TJ Maxx exposed a huge number of credit cards to hackers by using an older protocol in their WiFi networks.</p>
<p>In general, I assume that there are vulnerabilities in wireless networks and that there may be some monitors on wired networks. I met a wireless network security guy once. His job was to penetrate wireless networks to test network security. He had special hardware available to hack into networks.</p>
<p>I play tennis with a guy that works with a networking company and they make a product that can replay browser sessions on computers in the network. Spy-type stuff.</p>