gMail A/c hacked

JimFin · 27-04-2012 11:55am #1

hi,

My gMail a/c is after been hacked, says my password changed an hour ago. I have no idead how this happened and am very concerned about it. I use the a/c alot and there is a lot of important information in it.

Can anyone provide me with a direct phone contact in google that may be able to help as the tech support said it would be 3-5 days before they investigate it.

Anyone offer any advice at all or past expierience?

El Inho · 27-04-2012 11:57am

happened to my windows live account about a year ago.

but i wasn't locked out of the account...which im presuming you are right now?

JimFin · 27-04-2012 12:00pm

Yes fully locked out. Can see the alternative email address changed to something unusual. How I'd love to walk into the room where the hacker is right now :mad:

Owen · 27-04-2012 12:01pm

It depresses me that in 2012 'My password or security question was guessed' equates to 'my email was hacked'.

JimFin · 27-04-2012 12:05pm

Thanks for the concern Owen but as an IT professional for almost 20years I am a little better in the know than that and can assure ya my password was not guessed.

I have no idea how this happened but can tell from some of the signs that it has been hacked.

AnCatDubh · 27-04-2012 12:10pm

I don't think you'll get a direct number so you'll need to go through the process ( presumably you've gone through something like this )

If you reckon your password was secure - that a bot wouldn't guess it, then i'd be a little concerned that you may have a key logger active on your machine sending login details of anything that you log in to.

If it was a guessable password (any word in a dictionary, names list, etc..) then you probably just need to recover your a/c.

I'd recommend when you do get it back and if it is important stuff that you keep in there (don't we all!) that you give google your mobile phone number and set up two factor authentication. Before you (or anyone) logs in to your account, even with a valid password, they will sms text you a code, and without that code they won't allow login. This is a free service from google.

Good luck with it.

JimFin · 27-04-2012 12:18pm

Thanks AnCatdubh, wht worries me is that I never set up a mobile no with the a/c but there is one attached to it now or so it tells me.

El Inho · 27-04-2012 12:24pm

JimFin wrote: »

Thanks AnCatdubh, wht worries me is that I never set up a mobile no with the a/c but there is one attached to it now or so it tells me.

it sounds like the strangest hack...

i don't see the benefit of the perp linking a phone to it. It hardly mean they are trying to look more like you or something?

Is it entirely impossible a colleague but a key logger onto your machine and is laughing at you from across the room?

JimFin · 27-04-2012 12:31pm

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies. In any case this is more sinister, the portion of the alternate email address that I can see indiactes it is a very unusual email wich chars like x and z included.

I sent google a fax about it

El Inho · 27-04-2012 12:35pm

JimFin wrote: »

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies. In any case this is more sinister, the portion of the alternate email address that I can see indiactes it is a very unusual email wich chars like x and z included.

I sent google a fax about it

well wish you all the best man. unfortunately I don't see google caring too much. While I think they are one of the bigger ones, they are just simply massive.

that email does sound sus...like its generated automatically, which suggests an automated system alltogether...

if you hear anything back post it up...be interesting to hear exactly whats going on. Think gMail had a lot of changes lately...would be interesting to hear if any of those caused a breach.

infodox · 27-04-2012 3:41pm

JimFin wrote: »

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies.

I snipped your quote to point out two things.

1. NOTHING is EVER completely impossible. EVER.
2. Company Policies stop NOTHING. A malicious coworker could EASILY pop a keylogger or RAT onto your box, sniff your traffic, MITM your SSL connections, or even *look over your shoulder* and get your password.

Hell, most "IT Professionals" have it on a post-it note on the screen, under their keyboard or even *gasp* in a drawer.

You likely were owned by either:
1. Phishing
2. Malware
3. Sniffing.

So, the question is:
Pissed off any co workers lately?
Kept up to date with your patches? Including third party/browser/java/flash?
Shared any USB keys or borrowed any?
Browsed any dodgy sites?
Downloaded and ran any software, plugins, or "updates"?
Have decent AV? Is it up to date?

And so on...

P.S: Sorry if I come off as very abrasive/asshole-ish, but eventually one gets sick of ""No it couldnt be that Im a professional". The sheer number of IT "professionals" and security "professionals" I have seen get owned...

27-04-2012 5:45pm

Have you used your gmail password for any other sites?

liamo · 27-04-2012 10:04pm

infodox wrote: »

P.S: Sorry if I come off as very abrasive/asshole-ish, but eventually one gets sick of ""No it couldnt be that Im a professional". The sheer number of IT "professionals" and security "professionals" I have seen get owned...

+1

I am one of those "professionals" and I was well and truly owned a few years back.

I still blush at the memory of my indignant emails to eBay asking them to tell me how they could have allowed my account details to be leaked as I couldn't possibly have been responsible because I'm - y'know - "A Professional !!"

Shortly after my account was re-activated I remembered having receiving an email a few days previously (which, in hindsight, was of course a perfect example of phishing) from another eBay-er. I did what I had repeatedly advised others to NEVER EVER do - I clicked on an untrusted URL which led me to a page requesting my credentials, which I duly supplied. (Doh!)

I know a number of other "professionals" who have been similarly duped so perhaps we should start referring to ourselves as "amateurs" instead!!

syklops · 30-04-2012 3:52pm

JimFin wrote: »

Yea eldawardo it is completely impossible, nobody where I work would chance going that route due to company policies. In any case this is more sinister, the portion of the alternate email address that I can see indiactes it is a very unusual email wich chars like x and z included.

I sent google a fax about it

Policies :rolleyes: I work in infosec and we have a policy of not copying company documents to personal devices. Guess what I spent the last hour doing?

A few people are saying keylogger/RAT, but I reckon it was wireless traffic that was sniffed. The OP connected to a wireless AP somewhere which had been pwned, and all traffic got routed through the 'hacker's machine, snarfing URLS and stealing sessions.

Also, owen didnt say he bet your password was guessed, he said your security question. If the security question is "What is your mothers maiden name", and you said Green, and her maiden name really is Green, thats a very easy thing to figure out.

infodox · 30-04-2012 11:27pm

as syklops said - sniffing is a likely vector. Someone can VERY easily reroute your traffic and sniff all your stuff - and using SSLStrip the "secure" connection is not worth a damn.

Though... Theres a phone attached now, if you get the number give them a call and ask how they did it

syklops · 03-05-2012 9:47am

Actually I said wireless initially because that is really easy(you can even do it from an android phone), but you can spoof a switched LAN, so really anything if you put your mind to it.

mooonpie · 03-05-2012 10:04am

Step by step post how (and why) to set up GMail's 2 factor auth. http://www.codinghorror.com/blog/2012/04/make-your-email-hacker-proof.html

More interesting is the link in the first paragraph, to a "harrowing cautionary tale", that tells the story of how a couple went about reclaiming access to the wife's GMail a/c after it was well and truly owned. Long read though: http://www.theatlantic.com/magazine/archive/2011/11/hacked/8673/

JimFin · 03-05-2012 12:59pm

Just to update on what happened since I first post.........

Logged the call with Google via the password recovery forms. Gave as much information as I possibly could to prove I owned the a/c. There is simply no way whatsoever of contacting Google by phone. Although I did read if you have any sort of contact within the company they may be able to nudge your case up a little.

I also reported the problem on the google product forums. While mods on there aren't google employees, any mod with a little blue mountain icon beside their username will have access to google and they to may be able to help get your issue looked at.

I lost the a/c on Fri morn, had it returned the following Wed afternoon. I was lucky and got "an ordinary decent hacker" who didn't delete my mails, didn't send out reuests for money and didn't frustrate the recovery process by replying to the mails in the Inbox from google saying there was a request to change the password.

Everyone should turn on two-step verification on your gMail accounts - do it now if you don't have it already. Its an extra layer of security that you may be very glad of one day.

As for how I got caught out, well I was and still am certain it was not a work colleague. Shortly after the password got changed, a payment was made from my PayPal account to a Czech telephone company for abut €40 (same paypal and gmail password

). I am still not certain but think I got caught out with a Phishing scam, despite sending an email warning to all my work colleagues only last year. I made a paypal payment on Thursday night and the email was in my inbox on Fri morning - I assumed without thinking that it was a follow up, clicked a link and logged in to a paypal a/c, the site crashed IE and I thought no more of it and shut down IE, logged in again the normal way and was happy out. As I wasn't taking much notice I can only assume the first mail Phished me

:o

You live and learn - but do keep different passwords and do take steps to secure your account.

syklops · 03-05-2012 1:21pm

JimFin wrote: »

As for how I got caught out, well I was and still am certain it was not a work colleague. Shortly after the password got changed, a payment was made from my PayPal account to a Czech telephone company for abut €40 (same paypal and gmail password ). I am still not certain but think I got caught out with a Phishing scam, despite sending an email warning to all my work colleagues only last year. I made a paypal payment on Thursday night and the email was in my inbox on Fri morning - I assumed without thinking that it was a follow up, clicked a link and logged in to a paypal a/c, the site crashed IE and I thought no more of it and shut down IE, logged in again the normal way and was happy out. As I wasn't taking much notice I can only assume the first mail Phished me :o

You live and learn - but do keep different passwords and do take steps to secure your account.

It wasnt me.

El Inho · 03-05-2012 1:36pm

JimFin wrote: »

Just to update on what happened since I first post.........

Logged the call with Google via the password recovery forms. Gave as much information as I possibly could to prove I owned the a/c. There is simply no way whatsoever of contacting Google by phone. Although I did read if you have any sort of contact within the company they may be able to nudge your case up a little.

I also reported the problem on the google product forums. While mods on there aren't google employees, any mod with a little blue mountain icon beside their username will have access to google and they to may be able to help get your issue looked at.

I lost the a/c on Fri morn, had it returned the following Wed afternoon. I was lucky and got "an ordinary decent hacker" who didn't delete my mails, didn't send out reuests for money and didn't frustrate the recovery process by replying to the mails in the Inbox from google saying there was a request to change the password.

Everyone should turn on two-step verification on your gMail accounts - do it now if you don't have it already. Its an extra layer of security that you may be very glad of one day.

As for how I got caught out, well I was and still am certain it was not a work colleague. Shortly after the password got changed, a payment was made from my PayPal account to a Czech telephone company for abut €40 (same paypal and gmail password ). I am still not certain but think I got caught out with a Phishing scam, despite sending an email warning to all my work colleagues only last year. I made a paypal payment on Thursday night and the email was in my inbox on Fri morning - I assumed without thinking that it was a follow up, clicked a link and logged in to a paypal a/c, the site crashed IE and I thought no more of it and shut down IE, logged in again the normal way and was happy out. As I wasn't taking much notice I can only assume the first mail Phished me :o

You live and learn - but do keep different passwords and do take steps to secure your account.

always baffles me! :P

but yeah with emails, you should always have a back up account to retreive accounts, and if possible a phone linked.

That way your covered.

Cork24 · 03-05-2012 4:16pm

You must be using some tiny weak passwords!!!

Their is no way some one should be able to hack you Email account if you have a Nice Long Strong password. My Gmail password is 24 lenghts Long using Caps and Numbers as well.

And my Security Question & Answer is hard to think up aswell. if a person know you very well he could guess your Answer

h57xiucj2z946q · 03-05-2012 4:26pm

Cork24 wrote: »

You must be using some tiny weak passwords!!!

Their is no way some one should be able to hack you Email account if you have a Nice Long Strong password. My Gmail password is 24 lenghts Long using Caps and Numbers as well.

And my Security Question & Answer is hard to think up aswell. if a person know you very well he could guess your Answer

eh key logger?

Cork24 · 03-05-2012 5:52pm

Key Loggers,

my old fav friend... if its a work PC that you think that you got hacked from them i would be asking some big question on there half...

Do you have a Virus Scanner and do you Scan the computer all the time if yes.. then No it was not a Key Logger as i Anti-Virus program would pick up a Key Logger..

syklops · 03-05-2012 6:05pm

Cork24 wrote: »

Key Loggers,

my old fav friend... if its a work PC that you think that you got hacked from them i would be asking some big question on there half...

Do you have a Virus Scanner and do you Scan the computer all the time if yes.. then No it was not a Key Logger as i Anti-Virus program would pick up a Key Logger..

AN anti-virus would pick up a software key logger that has been used before.

You can buy a hardware keylogger for about 80 euro. They take about 5 seconds to fit, and 5 seconds to take again. Then you take it home and you have all the persons passwords they typed in that day.

Edit: Also, someone who knows what they are doing could write a brand new key logger which there wouldnt be a signature for yet.

Cork24 · 03-05-2012 6:19pm

You need to be at the computer i think some one is going to notice a USB stick hanging out of the PC, or Laptop..

The whole point of Key Loggers is have it sent to the Users, if you can inbed well inside a file a Virus Scanner wont pick it up at the first sight.

Deliverance XXV · 03-05-2012 10:29pm

You can get USB keyloggers that fit between the keyboard USB connection -USB computer connection. Very discreet and hard to find as they could only be 1-2cm. Keyloggers can be installed multiple ways.

All the protection in the world can't protect you against... Sloppy and careless staff. Some good reading around the web of people ringing up service providers about forgotten passwords and staff allowing them set new passwords or set up alt email etc. Even on the Board's xbox forums there was a thread about people's xbox live's accounts have been accessed without any form of hacking. Sad, really.

syklops · 04-05-2012 11:13am

Cork24 wrote: »

You need to be at the computer i think some one is going to notice a USB stick hanging out of the PC, or Laptop..

You can get both USB and PS/2 keyloggers, that are about 2cm in length and fit between the cable and the computer. Considering most keyboards are plugged into the back of a computer you wouldn't notice it. I have a laptop and docking station, and I can't see where my keyboard is plugged in. My colleague has a desktop, and his desktop is on the floor with the keyboard plugged in the back. Short of checking the back every day he would have no clue a key logger is plugged in.

Cork24 wrote: »

The whole point of Key Loggers is have it sent to the Users, if you can inbed well inside a file a Virus Scanner wont pick it up at the first sight.

The whole point of key loggers is to log keys. There are numerous ways of getting the log back again. Some hardware loggers can email their log back to their owner, others can simply be removed by the owner or by a member of the cleaning staff.

clintondaly · 04-05-2012 11:15am

Didnt you have to give a back up email address when you signed up for gmail,this is requiired for things like forgetting your password etc.

12-05-2012 1:21pm

Cork24 wrote: »

You must be using some tiny weak passwords!!!

Their is no way some one should be able to hack you Email account if you have a Nice Long Strong password. My Gmail password is 24 lenghts Long using Caps and Numbers as well.

And my Security Question & Answer is hard to think up aswell. if a person know you very well he could guess your Answer

If you re-use your email password on another site theres nothing to stop that site Admin from logging you password in plain text. Or if the site got compromised a hacker could edit the login script to store your details in plain text.

Didnt you have to give a back up email address when you signed up for gmail,this is requiired for things like forgetting your password etc.

A hacker will simply edit/remove the password recovery email when he's changing your password and security question.

infodox · 13-05-2012 6:33pm

*CRASHED IE*

Opinion: You just got browser autopwned sir, and that computer needs to be quarentined and disinfected. Any USB devices that connected to it need to be sanitized.

My Advice: Stop using Internet Explorer. Use something decent, Opera is a fairly good alternative, as is Chrome. better still is Vmware Browser Appliance.

Finally, from a KNOWN CLEAN system (Live Disc) change ALL your passwords, security questions + answers, etc.

gMail A/c hacked

Comments