Following this incident, he also believes it's better to use a @gmail.com address as a user name for online accounts rather than an email address created on a personal domain, since attackers could gain access to the latter if they hijack the domain name.
Using two-factor authentication for accounts that support it is a must, he said. "It's probably what prevented the attacker from logging into my PayPal account. Though this situation illustrates that even two-factor authentication doesn't help for everything."
Sign up for CIO Asia eNewsletters.