We've been hacked.

Johnlev

Our e-mail got hacked last week, which has been no fun getting it fixed and sorted. I asked our IT specialist the obvious questions on how it occurred and he pointed to a possible vulnerability in the old and venerable Sitelink environment as a possible problem area. Any body else had a problem like this?? 

themage

It is far more likely that someone figured out or already knew your email password. I don't mean it is impossible that someone used Sitelink to do it, but there are far easier ways.

We did have, a few years ago, pretty regular attempts to access our security systems from Russian and Chinese IP addresses (just means someone was trying to hide their real location). Once in a long while we will get an "attempted login" message from our email. It is usually someone who mistyped a similar email address.

"Best practices" right now include 2FA and regularly changing the passwords. Unfortunately, that's not really sustainable as long as someone needs to remember all the new passwords.

Our email provider notifies IT and the company owner if any computer other than our office or Sitelink tries to log into our email. Annoying when I need to check it from my phone, but not intolerable.