A CNN tech reporter found that his fun and light-hearted social media posts could be used against him. A Tweet about a furniture company, and Instagram hotel check-ins unlocked much more than he had ever imagined possible.

He’d challenged a hacker to hack his life, seemingly thinking that the feat would be impossible. The hacker, Rachel Tobac, proved him wrong. Tobac showed off her improv skills and other well-honed tactics in short order.

Tobac is a three-time champ of the Def Con’s SECTF (Security Engineering Capture the Flag) contest where hackers test their phishing talents against corporate groups. In the contest, each competitor sits in a sound-proof glass box, on a stage, in front of a crowd numbering in the hundreds. The goal is to hack a company, live on-stage. A background in neuroscience and human behavior have contributed to Tobac’s wins.

“Data breaches and hacks get…attention, but a hacker with a good phone persona and a few basic tools can trick customer support agents from major corporations into handing over a shocking amount of private information.”

Here’s what the CNN reporter said in regards to asking Tobac to hack his life: “…she was able to get my home address, my phone number and steal my hard-earned hotel points.”

And that’s not all. Tobac managed to throw in a cruel twist. To learn more, visit CNN.com.