[Note: This one's more of a rant than a proper pierce, but there are seeds for bigger ideas here, AFTER trimming the fat and reworking the narrative to describe the years of suffocation, rather than being a splurge of in-the-moment frustration.]
A few days ago I received an email from a service I use, informing me that someone had logged into my account, changed the password, then the email address, attempting to permanently block my access and steal it from me.
This is a secure account, made with a password that would literally take over a million years to crack. So I’m shitting myself. The only way someone could gain entry is with my master logins, which means they have access to everything… which would be a disaster of potentially life-ruining proportions.
I immediately panic, wondering just how completely fucked I am. If someone’s broken into my most secure accounts, that means things like my bank account and personal emails could soon be out of my control too, and in the hands of unknown malicious parties; my passwords are always strong, so the breach must have happened through malware, which is terrifying because I’m careful enough to keep myself safe, so this must be some deep level infection stuff, possibly leading up to a ransomware attack, the absolute worst of all of them, and something I’ve been paranoid of for years, imagining the severity and damage one could cause me, potentially even for companies I’ve worked with, by impersonating me through social engineering to gain control of even bigger fish, myself just a collateral casualty along the way…
Luckily, the service support are extremely helpful, they reset things so I can login again. I find that the perpetrator has also wiped my name from the account, but the new name tells me who the culprit is, or at least, the entity: A company I used to work for. Years ago. They’d somehow got my logins and attempted to hijack my account and re-work it into their own.
Right. Not as catastrophic. I can imagine myself giving personal logins out to work friends; in this case, to read some non-public documents. But then the next panic strikes: I’d only have given stuff like this to mates, who would speak to me first, and not pull something as sleazy as this. And with most people I know having left that company already, I’m almost definite that there’s not one person still there I’d have trusted with this.
So whoever did this must be a rando, someone I wasn’t on fully friendly terms with… so what does that mean for my security now? Where was the gap this had fallen through? What else do they have? Did I even provide these logins, or did they collect them from my work machines’s saved passwords? What else do they have access to, and how much damage have they done to my other accounts? Paranoia levels rising again.
To put this into perspective, imagine that years ago, you’d use your friend’s laptop to check your emails and other stuff, leaving yourself logged in because you’re good mates and trust them completely. But now you find out that that laptop was passed on to an old flatmate of theirs, with your data still on it, and whoever has it now has logged into your accounts and reset your logins, barring you from access. Your mate doesn’t know who has the laptop now, and neither do you. You didn’t need to. This wasn’t supposed to happen.
So I message my old manager, tell them what’s happened, ask them to look into it. It’s late Thursday, after hours, so I expect to hear back sometime Friday.
This is a serious issue. It wasn’t an old work email they logged into, this was a personal account, registered with a paid service long before I started working with the company in question, and which they would have successfully stolen had the service not notified me. That’s account theft and a breach of data protection. This is serious legal territory we’re talking about.
Friday comes and almost goes, I’ve heard nothing, so I message them again. I get a reply right away, like they’ve addressed the issue internally but couldn’t be bothered to tell me what’s going on. They tell me it was a mate of mine who actually does still work there, let’s call them James… but that’s weird, James is in a different department, why would he have my logins? And I know for sure that he’d have spoken to me first, not hijack the whole bloody account without a word to me.
The manager also asks if I used the account with some unrelated proprietary product in a way that doesn’t make any sense. I tell them no, tell they why, and resist the urge to tell them that’s stupid. But I can see what they’re trying to do: Turn it around and place responsibility on me somehow.
And suddenly I start to remember things. This has all played out before. Not this exactly, but dozens of things just like it.
I remember the reason I would have shared my info, everything so tangled up in nonsense that it was impossible to get the company’s own details for this service; every core worker in my department knew they existed, but nobody knew who had them. They’d be dug out eventually, after a few weeks of constant face to face reminders and an endless chain of emails. You’d see your manager, ask them once again for the logins, and they’d tell you, oh, yeah so-and-so emailed me them a week ago. Like it was no bother to find them at all.
But you’ve needed those details this whole time, they unlock stuff that sets the course for your work. So you’ve been at an arbitrary standstill, weighing down your cognitive load and blocking your progress, forcing you to find workarounds that bridge the temporary gap in your intel, of of which will have to be unstitched again later, at an even bigger time cost. All while waiting for someone to find something that was apparently easy to locate.
And every time was like this. Every request for information met with a brick wall of apathy. Nobody knows a single thing until it turns out, they knew everything all along. You could follow the chain of command, do everything by the book, and all it’d get you is hours or even days behind on your work, a Kafkaesque system seemingly designed to obfuscate your work goals.
So you learn to depend on each other instead. Look out for one other, share personal logins among yourselves, take care of your mates because everyone above is either careless or clueless.
So I ask James, who has no idea whatsoever. It certainly wasn’t them. I message my old manager again, tell them what they should have known already, that it wasn’t James.
I tell them to find out where the breach occurred, why they still have my details, and to scrubbed anything they’ve kept. They say, “I’ll have to look into it next week as James is off. At least no one died”.
See what they did there? I tell them, again, that it wasn’t James, because I just spoke to him. But again, I see through their tactic: What they’re saying by “at least no one died” is that nothing I can say — no matter how strongly I voice my concern for my online safety and the fact that my old company tried to steal my personal account — any of my feelings are essentially invalid, because it’s not life or death. Indirectly saying I’m blowing things out of proportion, attempting to lessen the facts of the issue, masquerading it as a joke, something you can pass of as “only kidding”. That’s usually a late-game play, so I guess they recognise how serious this is.
What’s worse is that, over this whole conversation, I’ve already been giving them outs. I don’t chase them until absolutely necessary, giving them time to be proactive and show that they’re dealing with this professionally. I mention a video game we used to play and talk about, so there’s an option to change course to a lighter chat after hashing out the unpleasantness. And I remark on how silly it is that this even happened, when it could have been saved with a quick message to me, highlighting the real cause of my frustration, the fact that someone went behind my back to do all this. Pointing to the metaphorical pressure release valve with obvious verbal gestures.
But that last one’s a problem, isn’t it? Because it admits that someone is at fault, and that someone isn’t me. Can’t even address it, must distract, must divert, must defend.
And again, the memories come back to me. The things I already knew but let myself forget. The countless times I’ve already been through this. The frustration, the claustrophobic feeling of being trapped in an unwinnable situation. The reality of having to deal with yet another person terrified of accountability and conflict, who will do and say anything to avoid both, principles long since discarded, a cowering wimp gnashing their teeth the instant someone comes close, completely unable to handle their own feelings. And powerless little me, knowing that, for a time that seemed endless, my future was in their greasy little hands. The exhaustion that came with all this.
And now they’re tasked with investigating existing and potential damage done to my privacy and personal matters. At least now, I’m not trapped with them. Speaking to them in particular was only a courtesy, one I’m no longer bound to. I don’t have to follow their protocols of nonsense anymore.
But the silver lining to all this? Sometimes, after you’ve been out of the bullshit lake for a while, it’s good to be reminded of how deep it went, and how hard you had to fight to get yourself out. Or, rather, how easy it was, once you realised it’s all just make believe.