Citation formatting is not guaranteed to be accurate.
MLA Full: "They Hacked Me." YouTube, uploaded by vlogbrothers, 18 October 2019,
MLA Inline: (vlogbrothers, 2019)
APA Full: vlogbrothers. (2019, October 18). They Hacked Me [Video]. YouTube.
APA Inline: (vlogbrothers, 2019)
Chicago Full: vlogbrothers, "They Hacked Me.", October 18, 2019, YouTube, 03:46,
Thank you to Sherri Davidoff from LMG Security for helping me both with this video and also with recovering from my hack.

If you're thinking "I won't get hacked, I'm not a public person like Hank," that does NOT protect you. Most hacks are just looking to make a quick buck, and they might just hang out in your email and wait until it looks like you're going to make a significant financial decision like buying a house or a car, and then strike just at the worst possible moment.

Take it seriously! You'll thank yourself!

Good morning John,

I’ve had a not very good week if we’re being honest. On Sunday, I was putting Orin to bed and I noticed I had gotten an email that was a response to an email that apparently I had sent but it wasn’t from me.

So I freaked out, the first thing I did is I gave Katherine my child and I said help. And then I looked to see if there were any logged in devices to my Google Account that weren’t me and there weren’t any and there hadn’t been for a while.

So that was great news. It turned out that the email they had received was from inside a help desk of an app that I hadn’t logged into for years. And that wasn’t that big of a deal but also, they had tried to access like dozens of different accounts using an old password that had been compromised that I don’t use very much any more but was in use on some platforms.

And I’m not gonna lie- they got into a couple of places and they didn’t do it with like super computer program-y stuff, they did it because I was lax on security and they took old passwords that were associated with my accounts and tried them with my email addresses in other places to see if it would work- and it did. They didn’t seem to get into anything super important but it’s hard to tell and I didn’t really know that for a long time.

I said to my friend, who is a security consultant, “It seems like I dodged a bullet.” She said, and I quote, “You didn't dodge it, you got grazed and there are more coming.” So that’s how her head works.

But it’s true, hacking is inevitable: I asked on Twitter and 30-something% of people said that they had never been hacked so most people have.

And also, probably most of those people have in one way or another been hacked, they just don’t know it or don’t think of it that way. You can get hacked and not even know it; there are dark breaches- Yahoo, Yahoo had billions of accounts leaked and didn’t notice for like years which means there might be other platforms out there that have been hacked and no one knows yet and those passwords are on sale.

Which is why it’s so important to use a password manager- I use LastPass, there are several others. They are all much better than not using password managers mostly because you can have unique passwords for every account. If you don’t do this then one thing gets compromised and suddenly you have this cascade of tons of things that are now vulnerable.

It was a super stressful thing- mostly because I didn’t know how much stuff they had gotten access to for a long time, I still don’t really know. And also it has taken me a couple days to really dive deep and make sure that all my passwords are not compromised and I’m not using any duplicates. 

But maybe my experience can be a wake-up call and also a call to change some things- not like you but us as a society. But first, when it comes to you here are things you should do:

1. Go to have My email address, which is admittedly quite old, has been involved in over 30 data breaches.

2. You have to use a password manager otherwise you’re gonna have duplicates and you’re gonna have weak passwords and yes, this isn’t just a sign up thing. It’s probably gonna take hours of work to get all of your accounts into a password manager and make sure you don’t have any duplicates.

3. And finally, yes it’s less convenient, turn on two-factor authentication for every account that you have that contains important data or financial information.

But there are also things that we need to force companies to do: 

First, we need to force them to have two-factor authentication that isn’t based on text messages which aren’t encrypted.

Second, we need them to give us convenient access to some kind of tool that tells us where we are logged in from all of the time and keep records of that.

And finally, this is very possible but mostly not being done- we need companies to give us access to tools that let us see what has been done on our accounts. Because knowing you’ve been hacked is not the same thing as knowing what those hackers did. Giant, powerful, very wealthy internet companies are you listening?- make this easier. Help us or you know, barring that politicians- make them help us.

John, I’ll see you on Tuesday.