Sign in Subscribe
Travel

My Laptop Was Stolen in Barcelona — learn from my mistakes

My laptop and passport were stolen in Barcelona, and the thieves tried to hack me. A security wake-up call for digital nomads.

Eduard Fastovski

6 min read
My Laptop Was Stolen in Barcelona — learn from my mistakes

An Online Security Wake-up Call for Digital Nomads

A couple of years ago, I was visiting Barcelona, enjoying a tour of Park Güell when I started getting some strange notifications on my phone.

My card was being used for some purchases I didn’t recognize.

I stared in disbelief as new charges kept rolling in every 30 seconds. My wallet must have been stolen… but wait — my wallet was back at the Airbnb, safely tucked inside my bag.

Along with my passport. My MacBook. All my IDs.

That’s when I realized I was in for a rough time.

For the next two weeks, I would be stuck in Spain, unable to travel back home without a passport, and with no laptop to work from. As a freelancer, this meant zero income for several weeks until I got home and bought a replacement.

But that’s just the tip of the iceberg. What followed was weeks of anxiety as I saw the thieves make multiple attempts to hack into my laptop.

You see if they wanted to sell it, they’d have to get past the password screen to wipe the computer.

And if they did that? They’d have access to hundreds of accounts — my personal accounts and my client’s websites.

If they got access to these, they could use it to blackmail me or my clients.

So let’s learn from my mistakes.

1. Use a strong password for your laptop login.

I’ve always been careful about not getting hacked online, and I have secure passwords for all websites, but I never really considered my device could be stolen. My laptop login password was quite weak.

I purposefully made it very short so that it’s quick for me to type it when I’m at home, opening and closing my computer 50 times per day.

Why not use Touch ID? Well, my fingerprint is almost constantly damaged from bouldering, so it doesn’t work well for me.

Anyway, the short simple password was a big mistake. If my password was better I wouldn’t be as worried.

Make sure your password is at least 2–3 words, preferably not in the English dictionary (another language maybe), and with some numbers or symbols thrown in.

2. I wasn’t using a password manager. Google Chrome is not enough!

If thieves get into your computer and then open up Google Chrome — they can use Google’s auto-fill to log in to all your online accounts.

In other password managers like 1Password, you need to enter a master password before using auto-fill.

You can also set up Two-factor authentication through 1Password, instead of using SMS — which fails if your phone is stolen.

Google Chrome’s password manager isn’t as robust, which is why I have now switched to 1password instead.

2.1 Don’t store sensitive info in note-taking apps!

I have a friend who writes down all his passwords in the Notes app on his iPhone. This is very risky.

Anyone who can unlock his phone, or access his iCloud account through the web, will immediately have access to all his other passwords.

Luckily he doesn’t run an online business.

Maybe you’re not that bad. But you still might keep sensitive data like bank or card info, addresses, or usernames in a note-taking app, or on Google Drive or Dropbox.

You need to move that stuff out of there ASAP and find a better solution.

Again, I’m now using 1password for this because besides being a password manager it also can store your credit cardssecure notes, and identity documents like scans of your passport, driver’s licence, etc…

I have a family account with my girlfriend so it’s easy to get each other’s info from there if needed for travel or if something goes wrong.

2.2 Syncing Google Drive with your computer? Don’t store anything sensitive there.

I had a folder that was synced with Google Drive. It didn’t contain passwords but there were some banking and crypto related things, and ID documents.

Since they were synced to the computer, there is a downloaded copy of all those files on my stolen Macbook.

Dropbox allows you to put an additional password on any folder. Google Drive does not.

3. Enable “Find My’ for Apple devices

I could actually see exactly where my laptop was located.

This is because I had Find My enabled (at least I did something right).

It’s frustrating, because I would love to go there and take it back. It’s just a few blocks away from where I was staying.

Unfortunately, it’s an apartment building. There are at least 20 apartments, and even the Police can’t just go and raid everybody living there.

However, Find My was useful for reporting to the police. I was able to easily get my serial number, and report the exact time it was stolen.

They said that if my laptop starts moving again, I can call the Police and they might be able to intercept it if it’s in a public space.

3.1 Get an Airtag for travelling

In future, I will also attach an AirTag to my backpack and other valuables, so they can be tracked even without an internet connection.

Airtag works through Apple’s “global mesh network” meaning it uses Bluetooth to talk to other people’s iPhones or Apple devices (without them knowing) and they forward that location to your Find My app.

Pretty cool.

3.2 Write down the serial numbers of your devices

Police will ask for this right away so have it ready. If your device is ever found that’s how it will be identified.

While you’re at it, make sure you have scans of your passport too.

4. Enable disk encryption (FileVault if you’re on Mac)

There are ways to get data from your hard drive or SSD without even logging in to the computer. Hackers can connect it to another computer and try to read it.

They might also be able to reset your password through recovery mode.

To prevent this you need disk encryption.

On new Macs, this now comes enabled by default, but if it’s more than a couple of years old you might need to enable it yourself.

On Windows, there is a similar feature called Bitlocker but it doesn’t come with Home versions of Windows, so you might need to look for third-party tools.

Learn how to enable FileVault on Mac. Or check out Bitlocker on Windows (Windows Pro and Enterprise only).

5. Look out for phishing emails

A couple of weeks after the theft, I started getting emails that looked like they were from Apple.

They said my MacBook had been located, and directed me to log in to my iCloud account.

Check the address in the top-left

Luckily I noticed the email address, and the suspicious-looking URL that it sent me to. It was “apple.com-location-maps.com”.

If you read it you can see it’s not a part of apple.com. But visually the page looked exactly like the real login page at icloud.com/find, so I could have been fooled.

If I hadn’t noticed this, I might have quickly logged in to check, and by doing this, the hacker would have received my password.

Why was this happening?

An alternative way to unlock a MacBook when you’ve forgotten your password (or stolen a MacBook) is to log in with the Apple iCloud ID.

The hacker already knows my email — it’s as easy as Googling my name. So now they were trying to get my password too.

This is just an example of how one crime (theft) can lead to further attacks and targets (hacking, my iCloud, my Gmail maybe).

6. If your apartment has a safe, use it! The same goes for apps.

This was my mistake. I ignored the safe and simply left my laptop in my backpack at the room and went out for dinner. My passport and wallet were in there also. They took the entire backpack.

I realized that if an apartment offers a safe, maybe it’s a hint?

The same attitude can be applied to the digital world.

If an app or service offers additional security, don’t ignore it. Consider the consequences of that particular app getting hacked. If it’s not a big deal, don’t worry too much, but if it’s email, Google Drive, Shopify or other important accounts, consider enabling the additional security options.

These tips are quite basic, but important.

Many reading this will be positive-minded and trusting people. As I’m writing this in Thailand, I’m sitting in a cafe where a dude across from me just left his laptop for 20 minutes. He’s nowhere to be seen.

In these places, I think it’s easy to forget about protecting ourselves. But I hope this story reminds you to take some precautions.

Stay safe.