Gmail hacked

Topic

New Reply

Has anyone’s gmail account been hacked recently?

Sometime Monday night (5/3/10) someone hacked into my gmail account and sent an email with no subject to everyone in my gmail address book. The only text in the message was “greenjug91.chat.ru”. I have taken all the precautions and have a strong password, but was unable to login to gmail Tuesday morning without going through gmail’s re-activation scenario and creating a new password.

I am using IE8 with Vista.

Reply | Quote

Replies

Check your Gmail settings for any filters and redirects that may have been set up too. There was a report in a UK newspaper about someone whose Gmail account was hacked and a filter added that redirected any emails from his bank. The hacker was then able to use the person’s online account to remove money from his account without his knowledge.

Reply | Quote

Maybe your strong password was not strong enough?
I use KeePass to generate and store my passwords.

cheers, Paul

Reply | Quote

I checked my Gmail settings and all seemed to be OK.

I’m using LastPass which will also generate strong passwords, but the ones it generates are really hard to remember.

The odd thing about all this is that I’ve been using Gmail as my primary email for several years. This is the first time this kind of thing has ever happened. I wish I could figure out where the email came from and how to report it to the folks at Gmail. I waded through all their help pages and never found a way to email them.

Reply | Quote

Are you sure that you account just was not spoofed and it just appears that the email came from you?

DaveA I am so far behind, I think I am First
Genealogy....confusing the dead and annoying the living

Reply | Quote

You don’t want passwords that you can remember, it means they are less secure. Here is an example of a nice secure password, although it’s probably not long enough: kIz7(;0CJz^Ak:&

cheers, Paul

Reply | Quote

DaveA: Maybe it was spoofed. All I know is what I put in my original post.

Paul: I am using the “pass phrase” technique to create my passwords. Your password is great (as well as the ones LastPass generates) as long as the only place I use gmail is on my home computer where I don’t have to worry about remembering the password. Alas, I need to access gmail at work too.

Reply | Quote

Paul: I am using the “pass phrase” technique to create my passwords. Your password is great (as well as the ones LastPass generates) as long as the only place I use gmail is on my home computer where I don’t have to worry about remembering the password. Alas, I need to access gmail at work too.

Sam, you’re missing the whole point of LastPass – you can access your stored passwords from anywhere… including work. If you can’t download the LastPass app to your work computer, from your work computer just browse to LastPass.com and log in. You now have access to your LastPass vault and all stored passwords. You can do this from any computer anywhere without having to be concerned about typing in a password on a public or work computer.

Reply | Quote

I couldn’t sign into my Gmail (also used as primary email for several years now) earlier this week — had to do the verification via phone thing.

Once I could get into it, I immediately changed my password and my security question/answer, and looked around for any sent messages… will go look for redirects/filters now — good suggestion!

I then scrolled down to the bottom and clicked on “details” next to “last account activity” and what I found was pretty scary. My account had been access via “mobile” in three different countries!

I had the following mobile accesses listed:

Germany (87.166.85.188) on 5/2/10
Germany (94.220.88.204) on 5/2/10
Serbia (77.46.194.64) on 5/3/10

Switzerland (213.196.134.89) on 5/3/10

It was about an hour after the Switzerland access that I tried my email and got the message that it had been temporarily disabled.

I’m thinking/hoping that nothing actually got sent from my account because Google recognized the pattern of European accesses and shut it down in time. I don’t know, however, if anything in my account was actually read at that time.

You can try to see if you have odd IP access as well, but Gmail only shows the last ten access attempts, so if you’ve logged in more than that, they’ll have cycled off the page.

I think it’s really odd that a whole bunch of accounts got hacked at the same time… does Google have a security issue?

Reply | Quote

KeePass allows me to take my passwords anywhere and use them when I want.

cheers, Paul

Reply | Quote

KeePass allows me to take my passwords anywhere and use them when I want.

cheers, Paul

Last Pass does the same thing and stored passwords are encrypted. I have had great success with Last Pass and use it at home and at work.

Reply | Quote

Do you always log out of your Gmail account? That is a good practice to follow.

Here are a couple of articles that might be useful:

Hacking Horror Story…
http://www.ghacks.net/2008/11/06/hacking-horror-story/#more-8099

Google Mail Account Security Tips
http://www.ghacks.net/2009/10/29/google-mail-account-security-tips/

Reply | Quote

I always log out of my gmail account when I use it away from home. I do not log out when at home since I live alone.

Reply | Quote

I always log out of my gmail account when I use it away from home. I do not log out when at home since I live alone.

Whether you are home or not doesn’t matter. If you leave accounts open, sometimes, hackers can find their way into them.

Reply | Quote

It happened to me last year. It is a case of someone guessing your password. They also alter your signature file to send the advertising message. Make your password harder to guess!

Reply | Quote