That free wifi at the coffee shop cost me my login

Last Tuesday I was at Brew & Bean on 3rd Street. Jumped on their open network to check my email. 10 minutes later my bank app locked me out. Someone grabbed my session cookie. They got into my account and tried to transfer $400. Took me 3 hours on the phone with fraud prevention. All because I clicked 'connect' without thinking. Now I only use my phone's hotspot for anything with a password. Has anyone else had a session hijack happen that fast?

2 comments

2 Comments

maryadams21d ago

Read that even encrypted sites can't always protect against session hijacking on public wifi.

christopher_singh9221d ago

Yeah but "free wifi at the coffee shop cost me my login" sounds like you clicked something you shouldn't have clicked... I've been using public wifi for years at like five different coffee shops and never had a session cookie stolen. Maybe your bank app just sucks or you logged into some sketchy site before checking your email. Hotspots aren't bulletproof either, people get hacked through those all the time too. I bet you were on some old router with no password at all, not even the basic WPA2 stuff.