The latest issue of Wired has a lengthy, utterly creeptastic story about Linkin Park frontman Chester Bennington, who was cyberstalked by an employee of Sandia National Laboratories–a federal nuclear-research facility–for more than a year, and how the woman who did it–changing passwords and sending out spoofed e-mails all along–found out how to access his personal information:
The stalking started after she saw Chester’s email address inadvertently CC’d in a mass mailing to promote a tattoo parlor he owned in Tempe. Using Chester’s birthday and zip code to access his Mac.com account, she started guessing passwords until she found the right one: his middle name, Charlie.
Townsend suddenly had access to all of her idol’s messages. Soon she had Talinda’s Yahoo address, too, and after guessing the password, she reset it. From there, her infiltration was a feat of feverish social engineering. As Townsend pored through the Benningtons’ email, she began cataloging every detail of their lives: friends, Social Security numbers, photos, plans. Getting Chester’s cell phone data was a snap: All she’d needed was his wireless number, his zip code, and the last four digits of his Social Security number to register his Verizon account online and get complete access to records of his calls. Even Townsend herself seemed astonished at how easy it was. When she opened the Verizon account, the user ID she chose was “ohshititworked.”
Why did you do all this? Dimitrelos asked. In flat tones, Townsend told him that she was bored. Her job at Sandia took about half an hour a day, and she was looking to pass the time.
Townsend was, in fact, a fan, and she was even wearing a Linkin Park hoodie during the questioning that eventually led to her detention. The story’s a fascinating, sad read, and we came away from it with one important lesson that, apparently, enough people don’t seem to understand: If you’re a high-profile figure, don’t choose an e-mail password that can be guessed from details about your life that are on Wikipedia.