Ok, let's disambiguate the term "hacking". (Click for an article.)
There are two legitimate uses for the term "hacking". First is the act of reverse-engineering software or files, modifying source code, writing plugins / extensions, searching for bugs, flaws, etc. Hackers can often be found in Open Source software trying to break things (this is how Open Source works, is improved, patched, fixed, etc.).
The second definition of hacking (the one that typically comes to mind) involves actively looking for a hole in a security system for the purpose of exposing the security vulnerability and fixing it (ethical hacking). Hacking typically involves direct contact, at least once, with the target. Direct contact can occur when the hacker visits the site of the security system or contacts someone and poses as security personnel or an administrator. It may also involve directly searching for physical copies of passwords. In cases of ethical hacking, the target may provide information about themselves intentionally to test their security system, and hackers will be enticed to attack the system by way of a contest.
Legitimate hackers (ethical or not) are contrasted with "script kiddies" or "crackers". A script kiddy is someone who does not do any hacking on their own. Instead, they simply read about a security exploit that someone else has found and documented, and then search for someone who has not yet updated their system, software, etc. This is further facilitated by software branding that is commonly used on web software packages (such as PHPBB) which makes the software being used easier to identify and attack and also compounded by poor administration of such software (admins who do not update their software when new security fixes are published and released). This is not hacking. It is simply a step-by-step reproduction of a security vulnerability, essentially duplication of a bug in the software.
In most cases, activities that are perceived as "hacking" are due to negligence on the part of the victim or on the part of the administrator responsible for the victim's account, etc. As Kagenutto mentioned, if you are irresponsible in your security practices and do not take the time to secure your system, you are vulnerable to attack.
Here are a few tips for preventing your system, account, or personal information being hijacked, "hacked", or whatever.
1. Use alpha-numeric passwords. Example: ar23ul57qe, EReKJ873L, aE87kjOl83, etc. Do not use a dictionary word as a password. Some brute force programs use dictionaries to attempt to guess your password. Also, do not use any personally-identifiable information such as your name, birthdate, etc.
2. Change your password frequently. Once a month would be good for a casual user. Once a week would be better for an admin.
3. Do not use the same password everywhere. Passwords should probably be unique to each site.
4. Don't use the same account name and username everywhere, especially in places where the account name doesn't affect community identification. I.e. do not use the same name for your SRO character and SRO account, and do not use the same account for SRO as you do for the forums.
5. Secure your passwords. If you write them down, keep them in a locked filing cabinet. Don't leave them on your desk, especially at work. If you store them on your computer, make sure they're encrypted. (An easy way to encrypt text on a computer is to type it in a BMP or JPG file as it will not be indexed / viewable with a text editor. Just make sure you secure this image file, in a password protected folder, archive, etc., or removable media which you can physically secure.)
6. Do not share your password with anyone. If you need to allow someone else access to a system, make an account for them or have a system administrator make an account for them. Otherwise, you should log them in / out and directly monitor their usage.
7. Do not download cracks, keygens, trainers, etc.
8. Do not open any e-mail attachments you weren't expecting.
9. Regularly scan your computer for viruses and spyware.
10. Do not save passwords on your computer. There's a tradeoff between convenience and security when storing passwords. Be very careful, because most stored passwords are not encrypted. They are simply stored in the registry or in a text file (especially for websites).
11. Flush (delete) your cookies when you exit your internet browser. Firefox can do this automatically.
12. Never put your password in a login macro or any other automated input device.
13. Keep your e-mail addresses current. In the event you need to retrieve a lost password, you'll almost always need to have a functional e-mail associated with an account.
14. Be careful in cyber-cafes; make sure you log out of your account(s) and make sure not to store your password. You may also want to avoid cyber-cafes altogether, as there could be keyloggers on the machines and you'd have no way of knowing. Ask the proprietor about his/her security measures.
15. Make sure your home network is secure, particularly if you have wireless internet. Don't do banking on a public hotspot / WAP.
16. Keep your system up to date! You've heard it elsewhere, I'm sure. There's a reason for it.
I'm sure there's at least one security professional floating around on here who can point out a few other tips. Keep in mind that you can cut corners with security for convenience, but that's a calculated risk and you should be aware of the potential consequences.
nuff said.