It seems like more and more frequently, articles about email and Facebook hijackings appear in the news. Although the news frequently calls them "hacking", the actual method tends to be either guessing the password or abusing the "security questions" in the password reset feature. If you're not concerned about this, you don't understand the potential consequences of losing access to your email. George Bronk, the extortionist in this case, searched his victim's email accounts for nude pictures and videos. He sent what he found to the victim's friends and frequently attempted to extort the victim further. He also utilized his control over the victim's email accounts to gain control over their Facebook. Had he been more interested in monetary gain, he could have just as easily used the password reset feature for the victim's bank accounts to clean them out financially too.
Incidentally, this was the same method used by David Kernell to gain access to Sarah Palin's email account.
So, what can you do to prevent something like this? The article above provides some suggestions about using false password reset answers ... but that poses problems of its own. If you provide false information for your password reset questions, you need to make certain you can remember the answers when you actually need to use them. If the account allows you to create your own password reset questions, that might help you come up with answers that are memorable to you yet difficult for anyone else to discover.
Another suggestion is to keep your social networking (Facebook, MySpace) privacy settings under tight control, and be careful what you share on them and who you "friend". Remember, friends can usually see more of your profile than people who aren't friends.
A fun exercise is to try thinking like a hacker ... log out of your Facebook (so you can only see the public profile) and then see if you can find out enough information about yourself to answer your own password reset questions. Pretend you don't know anything about yourself: can you break into your Facebook? Your email? Can you find out what bank you use and get into that?
Do you have any additional suggestions? If so, please comment. I'd love to hear them.