It was Saturday afternoon when I knew it was going to be a long day. We received three emails to our general customer service email, which officially looked suspicious and straight up…well, fraudulent.
Unfortunately, our instincts were right and these emails represented the beginning and end of Apothékary‘s Instagram @apothekaryco. In less than 10 minutes, we lost three years of time, sweat, and tears (mostly happy!) in building our thriving community of 54K followers and daily content of feel good recipes and vibes.
TBH, internet crime is not the sexiest of topics and we certainly don’t talk about it enough..until it personally affects us. But luckily, it’s not all sad and bad — like many things in life, there’s a silver lining.
In addition to tightening up our data, privacy, and general IT security across both of my companies, here are 3 lessons I’ve learned over the last 72 hours.
1. Do not expect your hacker to “negotiate in good faith” with you.
“Our only interest [is] in money”. That should’ve said enough yet in the midst of panic and hope, we tried to negotiate with our hacker and ended up paying him/her $165 in bitcoin. These guys were clearly no joke and experts in the field. Yet we felt like it was worth the gamble to try paying to see if we could get our account back. Unfortunately, they never responded again.
There’s a thing called “dark web” and in that, apparently its own code of ethics. In our case, the hacker really did delete all of our data, stole our money, and straight up ghosted us. Don’t give them any more leverage than they already have, don’t bluff about anything they can fact check, and don’t make them angry.
2. It’s okay to be honest and communicate with everyone from a heartfelt place.
We were lucky. Our community of customers not only lived on Instagram, but also in email, snail mail, wholesale, heck — smoke signals if I have to. Yet, it was a truly awful feeling to feel like we “lost it all”. As a consumer product brand, Instagram is basically our entire brand and how we meet and greet our customers daily. I was scared of what would happen next, anxious about starting over, and grieving the loss of something I couldn’t even see anymore…like it never existed.
That’s the thing with grief. It’s almost “easier” when it’s something physical because you can see, touch, feel all the work you put into it and say goodbye. In the case of our Instagram, I felt like I had nothing to show for the hard work that our incredible team and I put in over the few years. We bonded, cried, and sought the help of our community.
On Monday morning, two days after the hack, we emailed our tens of thousands of customers (some of whom actually reached out to us asking whatsup) and got super vulnerable. They supported us, bought product, spread the word about what happened and began following what is (hopefully a temporary) our new account @theapothekaryco.
So, before this happens to you, and hopefully it doesn’t, don’t let any one thing be your every thing.
3. Ask for help. And take it.
When I realized our account was truly gone and that pressing “refresh” on my browser wasn’t going to bring our page back…I cried. I literally cried into a little ball for hours. The next day, and the day after that, when people checked in and asked how I was doing, I couldn’t help but let the tears slide down my face. On top of a global pandemic and the crazy last few months its been, I truly wanted to quit. Eff. This.
But the outpouring of support from our entire team, investors, friends, and random strangers you meet on the interwebs, has given me signs of hope.
One person in particular, Aaya Samadhi, another women of color who also got hacked by the SAME hacker, shared so much wisdom and literally gave me life support while I was on the ground. She ended up getting her account restored and has been using her voice and platform to spread awareness to our new page and spread awareness around internet crimes and identity theft. With it being an election year, combined with the fact that we’re on our phones more than ever, I am wary of more bad crimes like this happening to others.
I lied, here’s a bonus #4 lesson.
Perhaps the biggest lesson (welp, there’s a #4) here is that no amount of outside validation, be it number of followers or otherwise, that validates your worth. Your thoughts, mental health, richness and quality of relationships – THAT is your worth and frankly can’t be counted, hacked or deleted. I mistakenly interpreted my / our company’s worth with outside validation and that is simply not true. If we get our account back, great. If we don’t, we’re still going to be great and we’ll rebuild with force.
I’m incredibly proud of my team and can’t thank them enough for inspiring me to continue every day. Entrepreneurship is somewhat glamorized but it’s really. effing. hard. Some days you don’t even want to wake up. Some days it takes over your body.
We still have six months left in 2020 to rewrite the script that was a bonkers first half of the year. We are moving forward, not moving on, friends.
Oh, and don’t forget to turn on that two-step authentication. You’ll save yourself $165.