Jack Leishman of Ashland woke up last week to a cyber nightmare: Someone had hacked into his Gmail account and sent emails to his friends asking them to send money fast because he was stranded in Britain, and had his luggage and credit cards stolen.

Jack Leishman of Ashland woke up last week to a cyber nightmare: Someone had hacked into his Gmail account and sent emails to his friends asking them to send money fast because he was stranded in Britain, and had his luggage and credit cards stolen.

Leishman, a nutritional therapy practitioner, was safe in Ashland, his Facebook filling up with warnings that he'd been hacked, as few friends believed the bogus story. However, a few loyal friends were "right on the edge," about to call the number in the "phishing" email and transfer funds.

It took Leishman days to unravel the mystery of the successful hack, which took all of his past emails and addresses — seriously hampering his business.

The problem, he says, seems to have come from using a password that was too simple, all in lower case and not frequently changed.

The password? "mindful123."

"It happened because, like most people, I wasn't vigilant enough," he says. "I thought it could never happen to me. Almost all my passwords weren't robust enough."

Robust, he says, means mixing letters and numbers, capital and small letters and using words that aren't real words. Then you must make sure to change the passwords every few months and don't use the same password for everything.

Using the widely available free email accounts increases vulnerability, says Leishman, because emails and addresses are in the "data cloud" in far-off hard drives, "not behind my firewall in my computer."

Leishman uses a PC and says he's aware Macs are harder to hack.

The hack attack put Leishman through an emotional roller-coaster as he scrambled to determine his loss, recover addresses and find out whether files in his computer had been compromised. They hadn't.

"I just had to let go of it," he says. "I went from very angry, finally to acceptance."

He filled out an online Google form, telling the company of the attack and asking for help recovering e-mails and addresses.

His first two attempts with Google went unanswered or he was told he was placed in a long queue of people needing similar help. On the third try, Google returned some of his e-mails, but "I lost almost everything," he says.

One Facebook friend told him, "This is the 'dark side' to cloud computing. I stopped using Gmail for these exact reasons. It's free but not without limitations on security and integrity."

Another Facebook friend suggested strategies. "I had my system configured so that ALL of my incoming Gmail e-mails also flowed into my main work computer, and I optioned to get a copy of all e-mails I sent through Gmail to my desktop/main computer, I had backups of everything."

Leishman conferred with others who have been hacked. In addition to employing complex passwords, he installed a reputedly hack-proof e-mail, Thunderbird, from Mozilla and learned how to backup e-mail.

In his research, Leishman says he got a likely scenario of how hackers go phishing: "Imagine some Russian on a million-dollar yacht with $100,000 worth of equipment running random matches and getting a match, then searching e-mails to see if there's anything of value, then sending a phish e-mail to the address list."

John Darling is a freelance writer living in Ashland. E-mail him at jdarling@jeffnet.org.